| Severity | Title | Port/Service |
| 2 | TCP Sequence Number Approximation Based Denial of Service | |
The cause of the vulnerability is that affected implementations will accept TCP sequence numbers within a certain range, known as the acknowledgement range, of the expected sequence number for a packet in the session. This is determined by the TCP window size, which is negotiated during the three-way handshake for the session. Larger TCP window sizes may be set to allow for more throughput, but the larger the TCP window size, the more probable it is to guess a TCP sequence number that falls within an acceptable range. It was initially thought that guessing an acceptable sequence number was relatively difficult for most implementations given random distribution, making this type of attack impractical. However, some implementations may make it easier to successfully approximate an acceptable TCP sequence number, making these attacks possible with a number of protocols and implementations.
This is further compounded by the fact that some implementations may support the use of the TCP Window Scale Option, as described in RFC 1323, to extend the TCP window size to a maximum value of 1 billion.
This vulnerability will permit a remote attacker to inject a SYN or RST packet into the session, causing it to be reset and effectively allowing for denial of service attacks. An attacker would exploit this issue by sending a packet to a receiving implementation with an approximated sequence number and a forged source IP address and TCP port.
There are a few factors that may present viable target implementations, such as those which depend on long-lived TCP connections, those that have known or easily guessed IP address endpoints and those implementations with easily guessed TCP source ports. It has been noted that Border Gateway Protocol (BGP) is reported to be particularly vulnerable to this type of attack, due to the use of long-lived TCP sessions and the possibility that some implementations may use the TCP Window Scale Option. As a result, this issue is likely to affect a number of routing platforms.
Another factor to consider is the relative difficulty of injecting packets into TCP sessions, as a number of receiving implementations will reassemble packets in order, dropping any duplicates. This may make some implementations more resistant to attacks than others.
It should be noted that while a number of vendors have confirmed this issue in various products, investigations are ongoing and it is likely that many other vendors and products will turn out to be vulnerable as the issue is investigated further.
Various implementations and products including Check Point, Cisco, Cray Inc, Hitachi, Internet Initiative Japan, Inc (IIJ), Juniper Networks, NEC, Polycom, and Yamaha are currently undergoing review. Contact the vendors to obtain more information about affected products and fixes. NISCC Advisory 236929 - Vulnerability Issues in TCP details the vendor patch status as of the time of the advisory, and identifies resolutions and workarounds.
Refer to US-CERT Vulnerability Note VU#415294 and OSVDB Article 4030 to obtain a list of vendors affected by this issue and a note on resolutions (if any) provided by the vendor.
For Microsoft: Refer to MS05-019 and MS06-064 for further details.
For SGI IRIX: Refer to SGI Security Advisory 20040905-01-P
For SCO UnixWare 7.1.3 and 7.1.1: Refer to SCO Security Advisory SCOSA-2005.14
For Solaris (Sun Microsystems): The vendor has acknowledged the vulnerability; however a patch is not available. Refer to Sun Microsystems, Inc. Information for VU#415294 to obtain additional details. Also, refer to TA04-111A for detailed mitigating strategies against these attacks.
For NetBSD: Refer to NetBSD-SA2004-006
For Cisco: Refer to cisco-sa-20040420-tcp-ios.shtml.
For Red Hat Linux: There is no fix available.
Workaround:
The following BGP-specific workaround information has been provided.
For BGP implementations that support it, the TCP MD5 Signature Option should be enabled. Passwords that the MD5 checksum is applied to should be set to strong values and changed on a regular basis.
Secure BGP configuration instructions have been provided for Cisco and Juniper at these locations:
Secure Cisco IOS BGP Template
JUNOS Secure BGP Template
| Severity | Title | Port/Service |
| 3 | OpenSSH Commands Information Disclosure Vulnerability | |
Openssh-server could allow a remote attacker to obtain sensitive information because of the improper handling of forced commands.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Severity | Title | Port/Service |
| 3 | OpenSSH sftp Resource Exhaustion Vulnerability | |
The vulnerability exists in the following OpenSSH functions:
1. The remote_glob function in sftp-glob.c
2. The process_put function in sftp.c
Affected Versions:
OpenSSH versions 5.8 and earlier in FreeBSD, NetBSD and OpenBSD.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Severity | Title | Port/Service |
| 3 | OpenSSH J-PAKE Session Key Retrieval Vulnerability | |
OpenSSH, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol. This allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.
Affected Software:
OpenSSH versions 5.6 and prior.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Severity | Title | Port/Service |
| 3 | Remote Access or Management Service Detected | |
The Results section includes information on the remote access service that was found on the target.
Services like Telnet, Rlogin, SSH, Windows Remote Desktop, pcAnywhere, Citrix Management Console, Remote Admin (RAdmin), VNC, OpenVPN and ISAKMP are checked.
| Severity | Title | Port/Service |
| 2 | Operating System Detected | |
1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating system TCP/IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this "fingerprinting" technique, the OS version is among those listed below.
Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the version of the operating system detected may be that for the firewall instead of for the host being scanned.
2) NetBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. NetBIOS relies on a message format called Server Message Block (SMB).
3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTML-embedded scripting language used to create dynamic Web pages. Under some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information.
4) SNMP: The Simple Network Monitoring Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service maintains Management Information Base (MIB), a set of variables (database) that can be fetched by Managers. These include "MIB_II.system.sysDescr" for the operating system.
| Operating System | Technique | ID |
| FreeBSD | TCP/IP Fingerprint | U5517:22 |
| Severity | Title | Port/Service |
| 2 | SMTP Banner | port 25/tcp |
| 1 | DNS Host Name | |
| IP address | Host name |
| 152.2.0.72 | mxip0i.isis.unc.edu |
| Severity | Title | Port/Service |
| 1 | Firewall Detected | |
| 1 | Target Network Information | |
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information.
| Severity | Title | Port/Service |
| 1 | Internet Service Provider | |
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information. This information was gathered using the WHOIS service for the network and is believed to be the ISP of the target network.
| Severity | Title | Port/Service |
| 1 | Traceroute | |
| Hops | IP | Round Trip Time | Probe |
| 1 | 152.2.20.1 | 0.41ms | ICMP |
| 2 | 152.19.253.105 | 1.70ms | ICMP |
| 3 | 152.2.0.72 | 1.38ms | ICMP |
| Severity | Title | Port/Service |
| 1 | Host Scan Time | |
The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.
| Severity | Title | Port/Service |
| 1 | Host Names Found | |
| Host Name | Source |
| mxip0i.isis.unc.edu | FQDN |
| Severity | Title | Port/Service |
| 1 | Open TCP Services List | |
The Results section displays the port number (Port), the default service listening on the port (IANA Assigned Ports/Services), the description of the service (Description) and the service that the scanner detected using service discovery (Service Detected).
| Port | IANA Assigned Ports/Services | Description | Service Detected | OS On Redirected Port |
| 22 | ssh | SSH Remote Login Protocol | ssh | |
| 25 | smtp | Simple Mail Transfer | smtp | |
| 443 | https | http protocol over TLS/SSL | http over ssl | |
| 2222 | unreg-ab2 | Allen-Bradley unregistered port | ssh | |
| Severity | Title | Port/Service |
| 1 | ICMP Replies Received | |
We have sent the following types of packets to trigger the host to send us ICMP replies:
Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)
Listed in the "Result" section are the ICMP replies that we have received.
| ICMP Reply Type | Triggered By | Additional Information |
| Echo (type=0 code=0) | Echo Request | Echo Reply |
| Unreachable (type=3 code=3) | UDP Port 1035 | Port Unreachable |
| Unreachable (type=3 code=3) | UDP Port 51101 | Port Unreachable |
| Unreachable (type=3 code=3) | UDP Port 7306 | Port Unreachable |
| Unreachable (type=3 code=3) | UDP Port 26274 | Port Unreachable |
| Unreachable (type=3 code=3) | UDP Port 98 | Port Unreachable |
| Unreachable (type=3 code=3) | UDP Port 1054 | Port Unreachable |
| Unreachable (type=3 code=3) | UDP Port 1042 | Port Unreachable |
| Unreachable (type=3 code=3) | UDP Port 1600 | Port Unreachable |
| Unreachable (type=3 code=3) | UDP Port 520 | Port Unreachable |
| Unreachable (type=3 code=3) | UDP Port 1981 | Port Unreachable |
| Time Stamp (type=14 code=0) | Time Stamp Request | 09:12:05 GMT |
| Severity | Title | Port/Service |
| 1 | Degree of Randomness of TCP Initial Sequence Numbers | |
| 1 | IP ID Values Randomness | |
Please note that for reliability reasons only the network traffic from open TCP ports is analyzed.
| Severity | Title | Port/Service |
| 1 | Unix Authentication Not Attempted | |
| 1 | Default Web Page | port 443/tcp over SSL |
| 1 | SSL Server Information Retrieval | port 443/tcp over SSL |
The following is a list of supported SSL ciphers.
Note: If a cipher is included in this list, it means that it was possible to establish an SSL connection using that cipher. Some web server setups allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-LOW grade cipher. In this case, even though the LOW grade cipher will be listed here, QID 38140 will not be reported.
| Severity | Title | Port/Service |
| 1 | SSL Session Caching Information | port 443/tcp over SSL |
This test determines if SSL session caching is enabled on the host.
| Severity | Title | Port/Service |
| 1 | SSL/TLS invalid protocol version tolerance | port 443/tcp over SSL |
| my version | target version |
| 0304 | 0301 |
| 0399 | 0301 |
| 0400 | rejected |
| 0499 | rejected |
| Severity | Title | Port/Service |
| 1 | TLS Secure Renegotiation Extension Supported | port 443/tcp over SSL |
| 1 | SSL Certificate - Information | port 443/tcp over SSL |
| NAME | VALUE |
| (0)CERTIFICATE 0 | |
| (0)Version | 3 (0x2) |
| (0)Serial Number | 0e:43:27:2c:e7:93 |
| (0)Signature Algorithm | sha1WithRSAEncryption |
| (0)ISSUER NAME | |
| countryName | US |
| stateOrProvinceName | Arizona |
| localityName | Scottsdale |
| organizationName | "GoDaddy.com, Inc." |
| organizationalUnitName | http://certificates.godaddy.com/repository |
| commonName | Go Daddy Secure Certification Authority |
| serialNumber | 07969287 |
| (0)SUBJECT NAME | |
| organizationName | *.isis.unc.edu |
| organizationalUnitName | Domain Control Validated |
| commonName | *.isis.unc.edu |
| (0)Valid From | Dec 22 20:06:48 2009 GMT |
| (0)Valid Till | Dec 22 20:06:48 2014 GMT |
| (0)Public Key Algorithm | rsaEncryption |
| (0)RSA Public Key | (2048 bit) |
| (0) | Public-Key: (2048 bit) |
| (0) | Modulus: |
| (0) | Exponent: 65537 (0x10001) |
| (0)X509v3 EXTENSIONS | |
| (0)X509v3 Basic Constraints | critical |
| (0) | CA:FALSE |
| (0)X509v3 Extended Key Usage | TLS Web Server Authentication, TLS Web Client Authentication |
| (0)X509v3 Key Usage | critical |
| (0) | Digital Signature, Key Encipherment |
| (0)X509v3 CRL Distribution Points | |
| (0) | Full Name: |
| (0) | URI:http://crl.godaddy.com/gds1-12.crl |
| (0)X509v3 Certificate Policies | Policy: 2.16.840.1.114413.1.7.23.1 |
| (0) | CPS: http://certificates.godaddy.com/repository/ |
| (0)Authority Information Access | OCSP - URI:http://ocsp.godaddy.com/ |
| (0) | CA Issuers - URI:http://certificates.godaddy.com/repository/gd_intermediate.crt |
| (0)X509v3 Authority Key Identifier | keyid:FD:AC:61:32:93:6C:45:D6:E2:EE:85:5F:9A:BA:E7:76:99:68:CC:E7 |
| (0)X509v3 Subject Alternative Name | DNS:*.isis.unc.edu, DNS:isis.unc.edu |
| (0)X509v3 Subject Key Identifier | C1:AE:28:7A:CA:E6:FC:6B:71:BE:5E:40:38:E5:BD:99:24:A3:D5:27 |
| (0)Signature | (256 octets) |
| (1)CERTIFICATE 1 | |
| (1)Version | 3 (0x2) |
| (1)Serial Number | 0e:43:27:2c:e7:93 |
| (1)Signature Algorithm | sha1WithRSAEncryption |
| (1)ISSUER NAME | |
| countryName | US |
| stateOrProvinceName | Arizona |
| localityName | Scottsdale |
| organizationName | "GoDaddy.com, Inc." |
| organizationalUnitName | http://certificates.godaddy.com/repository |
| commonName | Go Daddy Secure Certification Authority |
| serialNumber | 07969287 |
| (1)SUBJECT NAME | |
| organizationName | *.isis.unc.edu |
| organizationalUnitName | Domain Control Validated |
| commonName | *.isis.unc.edu |
| (1)Valid From | Dec 22 20:06:48 2009 GMT |
| (1)Valid Till | Dec 22 20:06:48 2014 GMT |
| (1)Public Key Algorithm | rsaEncryption |
| (1)RSA Public Key | (2048 bit) |
| (1) | Public-Key: (2048 bit) |
| (1) | Modulus: |
| (1) | Exponent: 65537 (0x10001) |
| (1)X509v3 EXTENSIONS | |
| (1)X509v3 Basic Constraints | critical |
| (1) | CA:FALSE |
| (1)X509v3 Extended Key Usage | TLS Web Server Authentication, TLS Web Client Authentication |
| (1)X509v3 Key Usage | critical |
| (1) | Digital Signature, Key Encipherment |
| (1)X509v3 CRL Distribution Points | |
| (1) | Full Name: |
| (1) | URI:http://crl.godaddy.com/gds1-12.crl |
| (1)X509v3 Certificate Policies | Policy: 2.16.840.1.114413.1.7.23.1 |
| (1) | CPS: http://certificates.godaddy.com/repository/ |
| (1)Authority Information Access | OCSP - URI:http://ocsp.godaddy.com/ |
| (1) | CA Issuers - URI:http://certificates.godaddy.com/repository/gd_intermediate.crt |
| (1)X509v3 Authority Key Identifier | keyid:FD:AC:61:32:93:6C:45:D6:E2:EE:85:5F:9A:BA:E7:76:99:68:CC:E7 |
| (1)X509v3 Subject Alternative Name | DNS:*.isis.unc.edu, DNS:isis.unc.edu |
| (1)X509v3 Subject Key Identifier | C1:AE:28:7A:CA:E6:FC:6B:71:BE:5E:40:38:E5:BD:99:24:A3:D5:27 |
| (1)Signature | (256 octets) |
| Severity | Title | Port/Service |
| 1 | SSH daemon information retrieving | port 22/tcp |
For Red Hat ES 4:
SSH1 supported: yes
Supported authentification methods for SSH1: RSA,password
Supported ciphers for SSH1: 3des,blowfish
SSH2 supported: yes
Supported keys exchange algorithm for SSH2: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Supported decryption ciphers for SSH2: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
Supported encryption ciphers for SSH2: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
Supported decryption mac for SSH2: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
Supported encryption mac for SSH2: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
Supported authentification methods for SSH2: publickey,gssapi-with-mic,password
| SSH1 supported | no |
| SSH2 supported | yes |
| Supported keys exchange algorithm for SSH2 | diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1 |
| Supported decryption ciphers for SSH2 | aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se |
| Supported encryption ciphers for SSH2 | aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se |
| Supported decryption mac for SSH2 | hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96 |
| Supported encryption mac for SSH2 | hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96 |
| Supported authentication methods for SSH2 | password, publickey, keyboard-interactive |
| Severity | Title | Port/Service |
| 1 | SSH Banner | port 22/tcp |
| 1 | SSL Server Information Retrieval | port 25/tcp over SSL |
The following is a list of supported SSL ciphers.
Note: If a cipher is included in this list, it means that it was possible to establish an SSL connection using that cipher. Some web server setups allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-LOW grade cipher. In this case, even though the LOW grade cipher will be listed here, QID 38140 will not be reported.
| Severity | Title | Port/Service |
| 1 | SSL Session Caching Information | port 25/tcp over SSL |
This test determines if SSL session caching is enabled on the host.
| Severity | Title | Port/Service |
| 1 | TLS Secure Renegotiation Extension Supported | port 25/tcp over SSL |
| 1 | SSL Certificate - Information | port 25/tcp over SSL |
| NAME | VALUE |
| (0)CERTIFICATE 0 | |
| (0)Version | 3 (0x2) |
| (0)Serial Number | 0e:43:27:2c:e7:93 |
| (0)Signature Algorithm | sha1WithRSAEncryption |
| (0)ISSUER NAME | |
| countryName | US |
| stateOrProvinceName | Arizona |
| localityName | Scottsdale |
| organizationName | "GoDaddy.com, Inc." |
| organizationalUnitName | http://certificates.godaddy.com/repository |
| commonName | Go Daddy Secure Certification Authority |
| serialNumber | 07969287 |
| (0)SUBJECT NAME | |
| organizationName | *.isis.unc.edu |
| organizationalUnitName | Domain Control Validated |
| commonName | *.isis.unc.edu |
| (0)Valid From | Dec 22 20:06:48 2009 GMT |
| (0)Valid Till | Dec 22 20:06:48 2014 GMT |
| (0)Public Key Algorithm | rsaEncryption |
| (0)RSA Public Key | (2048 bit) |
| (0) | Public-Key: (2048 bit) |
| (0) | Modulus: |
| (0) | Exponent: 65537 (0x10001) |
| (0)X509v3 EXTENSIONS | |
| (0)X509v3 Basic Constraints | critical |
| (0) | CA:FALSE |
| (0)X509v3 Extended Key Usage | TLS Web Server Authentication, TLS Web Client Authentication |
| (0)X509v3 Key Usage | critical |
| (0) | Digital Signature, Key Encipherment |
| (0)X509v3 CRL Distribution Points | |
| (0) | Full Name: |
| (0) | URI:http://crl.godaddy.com/gds1-12.crl |
| (0)X509v3 Certificate Policies | Policy: 2.16.840.1.114413.1.7.23.1 |
| (0) | CPS: http://certificates.godaddy.com/repository/ |
| (0)Authority Information Access | OCSP - URI:http://ocsp.godaddy.com/ |
| (0) | CA Issuers - URI:http://certificates.godaddy.com/repository/gd_intermediate.crt |
| (0)X509v3 Authority Key Identifier | keyid:FD:AC:61:32:93:6C:45:D6:E2:EE:85:5F:9A:BA:E7:76:99:68:CC:E7 |
| (0)X509v3 Subject Alternative Name | DNS:*.isis.unc.edu, DNS:isis.unc.edu |
| (0)X509v3 Subject Key Identifier | C1:AE:28:7A:CA:E6:FC:6B:71:BE:5E:40:38:E5:BD:99:24:A3:D5:27 |
| (0)Signature | (256 octets) |
| (1)CERTIFICATE 1 | |
| (1)Version | 3 (0x2) |
| (1)Serial Number | 0e:43:27:2c:e7:93 |
| (1)Signature Algorithm | sha1WithRSAEncryption |
| (1)ISSUER NAME | |
| countryName | US |
| stateOrProvinceName | Arizona |
| localityName | Scottsdale |
| organizationName | "GoDaddy.com, Inc." |
| organizationalUnitName | http://certificates.godaddy.com/repository |
| commonName | Go Daddy Secure Certification Authority |
| serialNumber | 07969287 |
| (1)SUBJECT NAME | |
| organizationName | *.isis.unc.edu |
| organizationalUnitName | Domain Control Validated |
| commonName | *.isis.unc.edu |
| (1)Valid From | Dec 22 20:06:48 2009 GMT |
| (1)Valid Till | Dec 22 20:06:48 2014 GMT |
| (1)Public Key Algorithm | rsaEncryption |
| (1)RSA Public Key | (2048 bit) |
| (1) | Public-Key: (2048 bit) |
| (1) | Modulus: |
| (1) | Exponent: 65537 (0x10001) |
| (1)X509v3 EXTENSIONS | |
| (1)X509v3 Basic Constraints | critical |
| (1) | CA:FALSE |
| (1)X509v3 Extended Key Usage | TLS Web Server Authentication, TLS Web Client Authentication |
| (1)X509v3 Key Usage | critical |
| (1) | Digital Signature, Key Encipherment |
| (1)X509v3 CRL Distribution Points | |
| (1) | Full Name: |
| (1) | URI:http://crl.godaddy.com/gds1-12.crl |
| (1)X509v3 Certificate Policies | Policy: 2.16.840.1.114413.1.7.23.1 |
| (1) | CPS: http://certificates.godaddy.com/repository/ |
| (1)Authority Information Access | OCSP - URI:http://ocsp.godaddy.com/ |
| (1) | CA Issuers - URI:http://certificates.godaddy.com/repository/gd_intermediate.crt |
| (1)X509v3 Authority Key Identifier | keyid:FD:AC:61:32:93:6C:45:D6:E2:EE:85:5F:9A:BA:E7:76:99:68:CC:E7 |
| (1)X509v3 Subject Alternative Name | DNS:*.isis.unc.edu, DNS:isis.unc.edu |
| (1)X509v3 Subject Key Identifier | C1:AE:28:7A:CA:E6:FC:6B:71:BE:5E:40:38:E5:BD:99:24:A3:D5:27 |
| (1)Signature | (256 octets) |
| Severity | Title | Port/Service |
| 1 | SSL Web Server Version | port 443/tcp |
| Server Version | Server Banner |
| _ | glass/1.0 Python/2.6.4 |
| Severity | Title | Port/Service |
| 1 | List of Web Directories | port 443/tcp |
| Directory | Source |
| /css/ | brute force |
| Severity | Title | Port/Service |
| 1 | SSH daemon information retrieving | port 2222/tcp |
For Red Hat ES 4:
SSH1 supported: yes
Supported authentification methods for SSH1: RSA,password
Supported ciphers for SSH1: 3des,blowfish
SSH2 supported: yes
Supported keys exchange algorithm for SSH2: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Supported decryption ciphers for SSH2: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
Supported encryption ciphers for SSH2: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
Supported decryption mac for SSH2: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
Supported encryption mac for SSH2: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
Supported authentification methods for SSH2: publickey,gssapi-with-mic,password
| SSH1 supported | no |
| SSH2 supported | yes |
| Supported keys exchange algorithm for SSH2 | diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1 |
| Supported decryption ciphers for SSH2 | aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se |
| Supported encryption ciphers for SSH2 | aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se |
| Supported decryption mac for SSH2 | hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96 |
| Supported encryption mac for SSH2 | hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96 |
| Supported authentication methods for SSH2 | password, publickey, keyboard-interactive |
| Severity | Title | Port/Service |
| 1 | SSH Banner | port 2222/tcp |
| Severity | Title | Port/Service |
| 4 | Red Hat Update for Kernel (RHSA-2013-0621) | |
This update fixes the following security issues:
* A flaw was found in the way file permission checks for the "/dev/cpu/[x]/msr" files were performed in restricted root environments (for example, when using a capability-based security model). A local user with the ability to write to these files could use this flaw to escalate their privileges to kernel level, for example, by writing to the SYSENTER_EIP_MSR register. (CVE-2013-0268, Important)
* A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2013-0871, Important)
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
To install packages using the command line interface, use the command "yum update".
Refer to Red Hat security advisory RHSA-2013-0621 to address this issue and obtain further details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-2.6.18-348.3.1.el5.i686)
RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-xen-2.6.18-348.3.1.el5.i686)
RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-PAE-2.6.18-348.3.1.el5.i686)
RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-2.6.18-348.3.1.el5.ia64)
RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-2.6.18-348.3.1.el5.x86_64)
| Package | Installed Version | Required Version |
| kernel-xen | 2.6.18-348.2.1.el5 | 2.6.18-348.3.1.el5 |
| kernel-xen | 2.6.18-348.el5 | 2.6.18-348.3.1.el5 |
| Severity | Title | Port/Service |
| 3 | Red Hat Update for Kernel (RHSA-2013-0168) | |
This update fixes the following security issues:
* It was found that the Xen hypervisor implementation did not perform range checking on the guest provided values in multiple hypercalls. A privileged guest user could use this flaw to trigger long loops, leading to a denial of service (Xen hypervisor hang). (CVE-2012-5515, Moderate)
* It was found that when running a 32-bit binary that uses a large number of shared libraries, one of the libraries would always be loaded at a predictable address in memory. An attacker could use this flaw to bypass the Address Space Layout Randomization (ASLR) security feature. (CVE-2012-1568, Low)
* A flaw was found in the way the Linux kernel's IPv6 implementation handled overlapping, fragmented IPv6 packets. A remote attacker could potentially use this flaw to bypass protection mechanisms (such as a firewall or intrusion detection system (IDS)) when sending network packets to a target system. (CVE-2012-4444, Low)
To install packages using the command line interface, use the command "yum update".
Refer to Red Hat security advisory RHSA-2013-0168 to address this issue and obtain further details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-xen-2.6.18-348.1.1.el5.i686)
RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-PAE-2.6.18-348.1.1.el5.i686)
RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-2.6.18-348.1.1.el5.i686)
RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-2.6.18-348.1.1.el5.ia64)
RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-2.6.18-348.1.1.el5.x86_64)
| Package | Installed Version | Required Version |
| kernel-xen | 2.6.18-348.el5 | 2.6.18-348.1.1.el5 |
| Severity | Title | Port/Service |
| 3 | SSL Server Supports Weak Encryption Vulnerability | port 25/tcp over SSL |
SSL encryption ciphers are classified based on encryption key length as follows:
Messages encrypted with LOW encryption ciphers are easy to decrypt. Commercial SSL servers should only support MEDIUM or HIGH strength ciphers to guarantee transaction security.
The following link provides more information about this vulnerability:
Please note that this detection only checks for weak cipher support at the SSL layer. Some servers may implement additional protection at the data layer. For example, some SSL servers and SSL proxies (such as SSL accelerators) allow cipher negotiation to complete but send back an error message and abort further communication on the secure channel. This vulnerability may not be exploitable for such configurations.
Apache
Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
For Apache/apache_ssl include the following line in the configuration file (httpsd.conf):
SSLRequireCipher ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
Tomcat
sslProtocol="SSLv3"
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
IIS
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll (Windows restart required)
How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services (Windows restart required)
Security Guidance for IIS
For Novell Netware 6.5 please refer to the following document SSL Allows the use of Weak Ciphers. -TID10100633
| CIPHER | KEY-EXCHANGE | AUTHENTICATION | MAC | ENCRYPTION(KEY-STRENGTH) | GRADE |
| SSLv3 WEAK CIPHERS | |||||
| EDH-RSA-DES-CBC-SHA | DH | RSA | SHA1 | DES(56) | LOW |
| DES-CBC-SHA | RSA | RSA | SHA1 | DES(56) | LOW |
| EXP-EDH-RSA-DES-CBC-SHA | DH(512) | RSA | SHA1 | DES(40) | LOW |
| EXP-DES-CBC-SHA | RSA(512) | RSA | SHA1 | DES(40) | LOW |
| EXP-RC2-CBC-MD5 | RSA(512) | RSA | MD5 | RC2(40) | LOW |
| EXP-RC4-MD5 | RSA(512) | RSA | MD5 | RC4(40) | LOW |
| TLSv1 WEAK CIPHERS | |||||
| EDH-RSA-DES-CBC-SHA | DH | RSA | SHA1 | DES(56) | LOW |
| DES-CBC-SHA | RSA | RSA | SHA1 | DES(56) | LOW |
| EXP-EDH-RSA-DES-CBC-SHA | DH(512) | RSA | SHA1 | DES(40) | LOW |
| EXP-DES-CBC-SHA | RSA(512) | RSA | SHA1 | DES(40) | LOW |
| EXP-RC2-CBC-MD5 | RSA(512) | RSA | MD5 | RC2(40) | LOW |
| EXP-RC4-MD5 | RSA(512) | RSA | MD5 | RC4(40) | LOW |
| Severity | Title | Port/Service |
| 3 | SSL Server Has SSLv2 Enabled Vulnerability | port 993/tcp over SSL |
There are known flaws in the SSLv2 protocol. A man-in-the-middle attacker can force the communication to a less secure level and then attempt to break the weak encryption. The attacker can also truncate encrypted messages.
These flaws have been fixed in SSLv3 (or TLSv1). Most servers (including all popular Web servers, mail servers, etc.) and clients (including Web-clients like IE, Netscape Navigator and Mozilla and mail clients) support both SSLv2 and SSLv3. However, SSLv2 is enabled by default for backward compatibility.
The following link provides more information about this vulnerability:
Analysis of the SSL 3.0 Protocol
Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
For Apache/apache_ssl, httpd.conf or ssl.conf should have the following line:
SSLNoV2
How to disable SSLv2 on IIS: Microsoft Knowledge Base Article - 187498
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll: Microsoft Knowledge Base Article - 245030
For IIS 7, refer to the article How to Disable SSL 2.0 in IIS 7 for further information.
| Severity | Title | Port/Service |
| 3 | SSL Server Supports Weak Encryption Vulnerability | port 993/tcp over SSL |
SSL encryption ciphers are classified based on encryption key length as follows:
Messages encrypted with LOW encryption ciphers are easy to decrypt. Commercial SSL servers should only support MEDIUM or HIGH strength ciphers to guarantee transaction security.
The following link provides more information about this vulnerability:
Please note that this detection only checks for weak cipher support at the SSL layer. Some servers may implement additional protection at the data layer. For example, some SSL servers and SSL proxies (such as SSL accelerators) allow cipher negotiation to complete but send back an error message and abort further communication on the secure channel. This vulnerability may not be exploitable for such configurations.
Apache
Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
For Apache/apache_ssl include the following line in the configuration file (httpsd.conf):
SSLRequireCipher ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
Tomcat
sslProtocol="SSLv3"
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
IIS
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll (Windows restart required)
How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services (Windows restart required)
Security Guidance for IIS
For Novell Netware 6.5 please refer to the following document SSL Allows the use of Weak Ciphers. -TID10100633
| CIPHER | KEY-EXCHANGE | AUTHENTICATION | MAC | ENCRYPTION(KEY-STRENGTH) | GRADE |
| SSLv2 WEAK CIPHERS | |||||
| EXP-RC4-MD5 | RSA(512) | RSA | MD5 | RC4(40) | LOW |
| EXP-RC2-CBC-MD5 | RSA(512) | RSA | MD5 | RC2(40) | LOW |
| DES-CBC-MD5 | RSA | RSA | MD5 | DES(56) | LOW |
| SSLv3 WEAK CIPHERS | |||||
| EXP-RC4-MD5 | RSA(512) | RSA | MD5 | RC4(40) | LOW |
| EXP-RC2-CBC-MD5 | RSA(512) | RSA | MD5 | RC2(40) | LOW |
| DES-CBC-MD5 | RSA | RSA | MD5 | DES(56) | LOW |
| DES-CBC-SHA | RSA | RSA | SHA1 | DES(56) | LOW |
| EXP-DES-CBC-SHA | RSA(512) | RSA | SHA1 | DES(40) | LOW |
| TLSv1 WEAK CIPHERS | |||||
| EXP-RC4-MD5 | RSA(512) | RSA | MD5 | RC4(40) | LOW |
| EXP-RC2-CBC-MD5 | RSA(512) | RSA | MD5 | RC2(40) | LOW |
| DES-CBC-MD5 | RSA | RSA | MD5 | DES(56) | LOW |
| DES-CBC-SHA | RSA | RSA | SHA1 | DES(56) | LOW |
| EXP-DES-CBC-SHA | RSA(512) | RSA | SHA1 | DES(40) | LOW |
| Severity | Title | Port/Service |
| 3 | SSL Server Supports Weak Encryption Vulnerability | port 465/tcp over SSL |
SSL encryption ciphers are classified based on encryption key length as follows:
Messages encrypted with LOW encryption ciphers are easy to decrypt. Commercial SSL servers should only support MEDIUM or HIGH strength ciphers to guarantee transaction security.
The following link provides more information about this vulnerability:
Please note that this detection only checks for weak cipher support at the SSL layer. Some servers may implement additional protection at the data layer. For example, some SSL servers and SSL proxies (such as SSL accelerators) allow cipher negotiation to complete but send back an error message and abort further communication on the secure channel. This vulnerability may not be exploitable for such configurations.
Apache
Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
For Apache/apache_ssl include the following line in the configuration file (httpsd.conf):
SSLRequireCipher ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
Tomcat
sslProtocol="SSLv3"
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
IIS
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll (Windows restart required)
How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services (Windows restart required)
Security Guidance for IIS
For Novell Netware 6.5 please refer to the following document SSL Allows the use of Weak Ciphers. -TID10100633
| CIPHER | KEY-EXCHANGE | AUTHENTICATION | MAC | ENCRYPTION(KEY-STRENGTH) | GRADE |
| SSLv3 WEAK CIPHERS | |||||
| EDH-RSA-DES-CBC-SHA | DH | RSA | SHA1 | DES(56) | LOW |
| DES-CBC-SHA | RSA | RSA | SHA1 | DES(56) | LOW |
| EXP-EDH-RSA-DES-CBC-SHA | DH(512) | RSA | SHA1 | DES(40) | LOW |
| EXP-DES-CBC-SHA | RSA(512) | RSA | SHA1 | DES(40) | LOW |
| EXP-RC2-CBC-MD5 | RSA(512) | RSA | MD5 | RC2(40) | LOW |
| EXP-RC4-MD5 | RSA(512) | RSA | MD5 | RC4(40) | LOW |
| TLSv1 WEAK CIPHERS | |||||
| EDH-RSA-DES-CBC-SHA | DH | RSA | SHA1 | DES(56) | LOW |
| DES-CBC-SHA | RSA | RSA | SHA1 | DES(56) | LOW |
| EXP-EDH-RSA-DES-CBC-SHA | DH(512) | RSA | SHA1 | DES(40) | LOW |
| EXP-DES-CBC-SHA | RSA(512) | RSA | SHA1 | DES(40) | LOW |
| EXP-RC2-CBC-MD5 | RSA(512) | RSA | MD5 | RC2(40) | LOW |
| EXP-RC4-MD5 | RSA(512) | RSA | MD5 | RC4(40) | LOW |
| Severity | Title | Port/Service |
| 3 | SSL Server Supports Weak Encryption Vulnerability | port 587/tcp over SSL |
SSL encryption ciphers are classified based on encryption key length as follows:
Messages encrypted with LOW encryption ciphers are easy to decrypt. Commercial SSL servers should only support MEDIUM or HIGH strength ciphers to guarantee transaction security.
The following link provides more information about this vulnerability:
Please note that this detection only checks for weak cipher support at the SSL layer. Some servers may implement additional protection at the data layer. For example, some SSL servers and SSL proxies (such as SSL accelerators) allow cipher negotiation to complete but send back an error message and abort further communication on the secure channel. This vulnerability may not be exploitable for such configurations.
Apache
Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
For Apache/apache_ssl include the following line in the configuration file (httpsd.conf):
SSLRequireCipher ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
Tomcat
sslProtocol="SSLv3"
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
IIS
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll (Windows restart required)
How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services (Windows restart required)
Security Guidance for IIS
For Novell Netware 6.5 please refer to the following document SSL Allows the use of Weak Ciphers. -TID10100633
| CIPHER | KEY-EXCHANGE | AUTHENTICATION | MAC | ENCRYPTION(KEY-STRENGTH) | GRADE |
| SSLv3 WEAK CIPHERS | |||||
| EDH-RSA-DES-CBC-SHA | DH | RSA | SHA1 | DES(56) | LOW |
| DES-CBC-SHA | RSA | RSA | SHA1 | DES(56) | LOW |
| EXP-EDH-RSA-DES-CBC-SHA | DH(512) | RSA | SHA1 | DES(40) | LOW |
| EXP-DES-CBC-SHA | RSA(512) | RSA | SHA1 | DES(40) | LOW |
| EXP-RC2-CBC-MD5 | RSA(512) | RSA | MD5 | RC2(40) | LOW |
| EXP-RC4-MD5 | RSA(512) | RSA | MD5 | RC4(40) | LOW |
| TLSv1 WEAK CIPHERS | |||||
| EDH-RSA-DES-CBC-SHA | DH | RSA | SHA1 | DES(56) | LOW |
| DES-CBC-SHA | RSA | RSA | SHA1 | DES(56) | LOW |
| EXP-EDH-RSA-DES-CBC-SHA | DH(512) | RSA | SHA1 | DES(40) | LOW |
| EXP-DES-CBC-SHA | RSA(512) | RSA | SHA1 | DES(40) | LOW |
| EXP-RC2-CBC-MD5 | RSA(512) | RSA | MD5 | RC2(40) | LOW |
| EXP-RC4-MD5 | RSA(512) | RSA | MD5 | RC4(40) | LOW |
| Severity | Title | Port/Service |
| 3 | SSL Server Has SSLv2 Enabled Vulnerability | port 906/tcp over SSL |
There are known flaws in the SSLv2 protocol. A man-in-the-middle attacker can force the communication to a less secure level and then attempt to break the weak encryption. The attacker can also truncate encrypted messages.
These flaws have been fixed in SSLv3 (or TLSv1). Most servers (including all popular Web servers, mail servers, etc.) and clients (including Web-clients like IE, Netscape Navigator and Mozilla and mail clients) support both SSLv2 and SSLv3. However, SSLv2 is enabled by default for backward compatibility.
The following link provides more information about this vulnerability:
Analysis of the SSL 3.0 Protocol
Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
For Apache/apache_ssl, httpd.conf or ssl.conf should have the following line:
SSLNoV2
How to disable SSLv2 on IIS: Microsoft Knowledge Base Article - 187498
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll: Microsoft Knowledge Base Article - 245030
For IIS 7, refer to the article How to Disable SSL 2.0 in IIS 7 for further information.
| Severity | Title | Port/Service |
| 3 | SSL Server Supports Weak Encryption Vulnerability | port 906/tcp over SSL |
SSL encryption ciphers are classified based on encryption key length as follows:
Messages encrypted with LOW encryption ciphers are easy to decrypt. Commercial SSL servers should only support MEDIUM or HIGH strength ciphers to guarantee transaction security.
The following link provides more information about this vulnerability:
Please note that this detection only checks for weak cipher support at the SSL layer. Some servers may implement additional protection at the data layer. For example, some SSL servers and SSL proxies (such as SSL accelerators) allow cipher negotiation to complete but send back an error message and abort further communication on the secure channel. This vulnerability may not be exploitable for such configurations.
Apache
Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
For Apache/apache_ssl include the following line in the configuration file (httpsd.conf):
SSLRequireCipher ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
Tomcat
sslProtocol="SSLv3"
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
IIS
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll (Windows restart required)
How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services (Windows restart required)
Security Guidance for IIS
For Novell Netware 6.5 please refer to the following document SSL Allows the use of Weak Ciphers. -TID10100633
| CIPHER | KEY-EXCHANGE | AUTHENTICATION | MAC | ENCRYPTION(KEY-STRENGTH) | GRADE |
| SSLv2 WEAK CIPHERS | |||||
| EXP-RC4-MD5 | RSA(512) | RSA | MD5 | RC4(40) | LOW |
| EXP-RC2-CBC-MD5 | RSA(512) | RSA | MD5 | RC2(40) | LOW |
| DES-CBC-MD5 | RSA | RSA | MD5 | DES(56) | LOW |
| SSLv3 WEAK CIPHERS | |||||
| EXP-RC4-MD5 | RSA(512) | RSA | MD5 | RC4(40) | LOW |
| EXP-RC2-CBC-MD5 | RSA(512) | RSA | MD5 | RC2(40) | LOW |
| DES-CBC-MD5 | RSA | RSA | MD5 | DES(56) | LOW |
| Severity | Title | Port/Service |
| 2 | TCP Sequence Number Approximation Based Denial of Service | |
The cause of the vulnerability is that affected implementations will accept TCP sequence numbers within a certain range, known as the acknowledgement range, of the expected sequence number for a packet in the session. This is determined by the TCP window size, which is negotiated during the three-way handshake for the session. Larger TCP window sizes may be set to allow for more throughput, but the larger the TCP window size, the more probable it is to guess a TCP sequence number that falls within an acceptable range. It was initially thought that guessing an acceptable sequence number was relatively difficult for most implementations given random distribution, making this type of attack impractical. However, some implementations may make it easier to successfully approximate an acceptable TCP sequence number, making these attacks possible with a number of protocols and implementations.
This is further compounded by the fact that some implementations may support the use of the TCP Window Scale Option, as described in RFC 1323, to extend the TCP window size to a maximum value of 1 billion.
This vulnerability will permit a remote attacker to inject a SYN or RST packet into the session, causing it to be reset and effectively allowing for denial of service attacks. An attacker would exploit this issue by sending a packet to a receiving implementation with an approximated sequence number and a forged source IP address and TCP port.
There are a few factors that may present viable target implementations, such as those which depend on long-lived TCP connections, those that have known or easily guessed IP address endpoints and those implementations with easily guessed TCP source ports. It has been noted that Border Gateway Protocol (BGP) is reported to be particularly vulnerable to this type of attack, due to the use of long-lived TCP sessions and the possibility that some implementations may use the TCP Window Scale Option. As a result, this issue is likely to affect a number of routing platforms.
Another factor to consider is the relative difficulty of injecting packets into TCP sessions, as a number of receiving implementations will reassemble packets in order, dropping any duplicates. This may make some implementations more resistant to attacks than others.
It should be noted that while a number of vendors have confirmed this issue in various products, investigations are ongoing and it is likely that many other vendors and products will turn out to be vulnerable as the issue is investigated further.
Various implementations and products including Check Point, Cisco, Cray Inc, Hitachi, Internet Initiative Japan, Inc (IIJ), Juniper Networks, NEC, Polycom, and Yamaha are currently undergoing review. Contact the vendors to obtain more information about affected products and fixes. NISCC Advisory 236929 - Vulnerability Issues in TCP details the vendor patch status as of the time of the advisory, and identifies resolutions and workarounds.
Refer to US-CERT Vulnerability Note VU#415294 and OSVDB Article 4030 to obtain a list of vendors affected by this issue and a note on resolutions (if any) provided by the vendor.
For Microsoft: Refer to MS05-019 and MS06-064 for further details.
For SGI IRIX: Refer to SGI Security Advisory 20040905-01-P
For SCO UnixWare 7.1.3 and 7.1.1: Refer to SCO Security Advisory SCOSA-2005.14
For Solaris (Sun Microsystems): The vendor has acknowledged the vulnerability; however a patch is not available. Refer to Sun Microsystems, Inc. Information for VU#415294 to obtain additional details. Also, refer to TA04-111A for detailed mitigating strategies against these attacks.
For NetBSD: Refer to NetBSD-SA2004-006
For Cisco: Refer to cisco-sa-20040420-tcp-ios.shtml.
For Red Hat Linux: There is no fix available.
Workaround:
The following BGP-specific workaround information has been provided.
For BGP implementations that support it, the TCP MD5 Signature Option should be enabled. Passwords that the MD5 checksum is applied to should be set to strong values and changed on a regular basis.
Secure BGP configuration instructions have been provided for Cisco and Juniper at these locations:
Secure Cisco IOS BGP Template
JUNOS Secure BGP Template
| Severity | Title | Port/Service |
| 2 | GConf Temporary Directory Creation Denial of Service Vulnerability - Zero Day | |
GConf Version 2.8 is vulnerable. Other versions may also be affected.
| Severity | Title | Port/Service |
| 2 | Avahi DNS Denial of Service Vulnerability | |
Some vulnerabilities have been reported in Avahi. The vulnerabilities are caused by errors within the "avahi_recv_dns_packet_ipv4()" and "avahi_recv_dns_packet_ipv6()" functions in avahi-core/socket.c, and can be exploited to cause an assertion error and terminate the service by sending a DNS packet with an incorrect checksum immediately followed by a DNS packet with correct checksum.
Affected Versions:
Avahi Versions prior to 0.6.26
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Severity | Title | Port/Service |
| 2 | Red Hat Update for Kernel (RHSA-2013-0594) | |
This update fixes the following security issues:
* Buffer overflow flaws were found in the udf_load_logicalvol() function in the Universal Disk Format (UDF) file system implementation in the Linux kernel. An attacker with physical access to a system could use these flaws to cause a denial of service or escalate their privileges. (CVE-2012-3400, Low)
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
To install packages using the command line interface, use the command "yum update".
Refer to Red Hat security advisory RHSA-2013-0594 to address this issue and obtain further details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-2.6.18-348.2.1.el5.i686)
RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-xen-2.6.18-348.2.1.el5.i686)
RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-PAE-2.6.18-348.2.1.el5.i686)
RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-2.6.18-348.2.1.el5.ia64)
RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-2.6.18-348.2.1.el5.x86_64)
| Package | Installed Version | Required Version |
| kernel-xen | 2.6.18-348.el5 | 2.6.18-348.2.1.el5 |
| Severity | Title | Port/Service |
| 1 | Fetchmail Debug Mode POP3 UIDL Lists Denial of Service Vulnerability | |
A vulnerability has been identified in Fetchmail, which could be exploited by attackers to cause a denial of service. This issue is caused by an error when processing message headers or POP3 UIDL lists including invalid characters in a multi-character locale while debug mode is enabled.
Affected Versions:
Fetchmail releases 4.6.3 up to and including 6.3.16
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Severity | Title | Port/Service |
| 3 | OpenSSH Plaintext Recovery Attack Against SSH Vulnerability | |
OpenSSH is prone to a plain text recovery attack. The issue is in the SSH protocol specification itself and exists in Secure Shell (SSH) software when used with CBC-mode ciphers.
Affected Versions:
OpenSSH Version 5.1 and earlier.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Severity | Title | Port/Service |
| 3 | Sendmail SSL Certificate NULL Character Spoofing Vulnerability | port 25/tcp |
This updated version (8.14.4) will resolve the following security issues.
Some certificate authorities do not properly check the requests they are signing and hence allow spoofing via an embedded NUL in the CN entry. Some checks have been added to deal with "bogus" CNs.
A workaround for a Linux resolver problem has been added to avoid core dumps.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Severity | Title | Port/Service |
| 3 | Sendmail SSL Certificate NULL Character Spoofing Vulnerability | port 465/tcp over SSL |
This updated version (8.14.4) will resolve the following security issues.
Some certificate authorities do not properly check the requests they are signing and hence allow spoofing via an embedded NUL in the CN entry. Some checks have been added to deal with "bogus" CNs.
A workaround for a Linux resolver problem has been added to avoid core dumps.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Severity | Title | Port/Service |
| 3 | Sendmail SSL Certificate NULL Character Spoofing Vulnerability | port 587/tcp |
This updated version (8.14.4) will resolve the following security issues.
Some certificate authorities do not properly check the requests they are signing and hence allow spoofing via an embedded NUL in the CN entry. Some checks have been added to deal with "bogus" CNs.
A workaround for a Linux resolver problem has been added to avoid core dumps.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Severity | Title | Port/Service |
| 3 | Remote Access or Management Service Detected | |
The Results section includes information on the remote access service that was found on the target.
Services like Telnet, Rlogin, SSH, Windows Remote Desktop, pcAnywhere, Citrix Management Console, Remote Admin (RAdmin), VNC, OpenVPN and ISAKMP are checked.
| Severity | Title | Port/Service |
| 3 | Unix Group List | |
1) The group name. Group names are fairly arbitrary but it is a good idea to choose group names that express some idea about the function of the group.
2) The group's encrypted password. Group passwords encouraged poor security practices, so most modern Unix systems don't support them.
3) The group's unique numeric ID (GID).
4) All users in the group.
| Severity | Title | Port/Service |
| 2 | Operating System Detected | |
1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating system TCP/IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this "fingerprinting" technique, the OS version is among those listed below.
Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the version of the operating system detected may be that for the firewall instead of for the host being scanned.
2) NetBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. NetBIOS relies on a message format called Server Message Block (SMB).
3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTML-embedded scripting language used to create dynamic Web pages. Under some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information.
4) SNMP: The Simple Network Management Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service maintains a Management Information Base (MIB), a set of variables (database) that can be fetched by Managers. These include "MIB_II.system.sysDescr" for the operating system.
| Operating System | Technique | ID |
| Red Hat Enterprise Linux Server 5.9 | Unix login | |
| Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP | TCP/IP Fingerprint | U1141:22 |
| cpe:/o:redhat:red hat enterprise linux:5.9::server: | CPE | |
| Severity | Title | Port/Service |
| 2 | List of Java Related Packages | |
| 2 | Unix Users With root UserID | |
| 2 | Unix Users With root GroupID | |
| 2 | List of Home Directories Associated with UserIDs | |
| 2 | List of Valid Shells | |
| 2 | SU Logging | |
| 2 | root Should Be Specified in Block List for FTP Users | |
On Linux, Solaris and Mac - "/etc/ftpusers"
On HP-UX - "/etc/ftpd/ftpusers" or "/etc/ftpd/ftpaccess"
Note: On HP-UX, root permission is required to access the /etc/ftpd/ftpusers file.
This vulnerability check requires read permission on the above-mentioned configuration files. Without permission, this detection may give false results.
| Severity | Title | Port/Service |
| 2 | SMTP Banner | port 25/tcp |
| 2 | SMTP Service Detected | port 25/tcp |
| 2 | IMAP Banner | port 993/tcp over SSL |
| 2 | SMTP Banner | port 465/tcp over SSL |
| 2 | SMTP Service Detected | port 465/tcp over SSL |
| 2 | SMTP Banner | port 587/tcp |
| 2 | SMTP Service Detected | port 587/tcp |
| 1 | DNS Host Name | |
| IP address | Host name |
| 152.2.35.114 | mail.schsr.unc.edu |
| Severity | Title | Port/Service |
| 1 | Firewall Detected | |
| 1 | Target Network Information | |
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information.
| Severity | Title | Port/Service |
| 1 | Internet Service Provider | |
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information. This information was gathered using the WHOIS service for the network and is believed to be the ISP of the target network.
| Severity | Title | Port/Service |
| 1 | Traceroute | |
| Hops | IP | Round Trip Time | Probe |
| 1 | 152.2.20.1 | 0.76ms | ICMP |
| 2 | 152.19.253.106 | 1.25ms | ICMP |
| 3 | 152.19.255.17 | 0.99ms | ICMP |
| 4 | 152.19.255.210 | 1.19ms | UDP |
| 5 | 152.2.35.114 | 0.90ms | ICMP |
| Severity | Title | Port/Service |
| 1 | Unix Server Information | |
| UName | Linux mail.schsr.unc.edu 2.6.18-348.3.1.el5xen #1 SMP Tue Mar 5 13:27:42 EST 2013 i686 i686 i386 GNU/Linux |
| Operating system | Linux |
| Red Hat Release | Red Hat Enterprise Linux Server release 5.9 (Tikanga) |
| Product | Red Hat Enterprise Linux Server |
| Version | 5.9 |
| Vendor | Red Hat |
| CPU | i386 |
| Severity | Title | Port/Service |
| 1 | Host Scan Time | |
The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.
| Severity | Title | Port/Service |
| 1 | Host Names Found | |
| Host Name | Source |
| mail.schsr.unc.edu | FQDN |
| mail.schsr.unc.edu | System-configured |
| Severity | Title | Port/Service |
| 1 | Contents of /etc/issue File | |
| 1 | Contents of syslog.conf File | |
| 1 | Contents of xinetd.conf File | |
| 1 | Linux Kernel Version Running | |
Red Hat Linux
Oracle Enterprise Linux
Suse
Fedora
Debian
Ubuntu
CentOS
| Severity | Title | Port/Service |
| 1 | Installed Kernel rpm List for Red Hat and Oracle Enterprise Linux | |
| 1 | Contents of rsyslog.conf File | |
rsyslog.conf is backward compatible with sysklogd's syslog.conf file.
| Severity | Title | Port/Service |
| 1 | "daemon.notice" Entry Missing in rsyslog.conf file | |
daemon.notice [Tab] <path to logfile>
ensures that all conditions involving daemons (such as ftpd) that are not error conditions are logged in the specified log file.
This entry was found to be missing from the rsyslog.conf file on the target.
| Severity | Title | Port/Service |
| 1 | Java Version Detected | |
| 1 | Python Installed on Host | |
Note: For Windows Systems
To get the exact version of Python installed on the target, look for the string followed by '#define PY_VERSION' in the result section. A target can have more than one version of Python installed.
| Severity | Title | Port/Service |
| 1 | Java Runtime Environment 1.4 Installed | |
| 1 | Installed Packages on Unix and Linux Operating Systems | |
Supported Unix or Linux Operating Systems:
RedHat Linux
CentOS
Suse
Fedora
Oracle Enterprise Linux
Debian
Ubuntu
IBM AIX
Solaris
Mac OS X
NOTE: If the system has more than 200 packages, this QID lists only the first 200 packages.
| Severity | Title | Port/Service |
| 1 | Ruby Installed on Host | |
Ruby is installed on the target host.
| Severity | Title | Port/Service |
| 1 | Internet Protocol version 6 (IPv6) Enabled on Target Host | |
This QID uses the registry key mentioned in Microsoft KB929852 to determine if IPv6 is enabled.
The detection works in the following way:
1) For Windows 2000, XP, 2003:
-- It checks for the existence of the key "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters"
2) For Windows Vista, 2008, Windows 7, Windows 8, Windows Server 2012 and Windows RT:
-- It checks the value of "DisabledComponents" for the key "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters"
Note: This check makes use of Windows Management Instrumentation (WMI) to list IPv6 addresses on the target.
| Severity | Title | Port/Service |
| 1 | Open TCP Services List | |
The Results section displays the port number (Port), the default service listening on the port (IANA Assigned Ports/Services), the description of the service (Description) and the service that the scanner detected using service discovery (Service Detected).
| Port | IANA Assigned Ports/Services | Description | Service Detected | OS On Redirected Port |
| 22 | ssh | SSH Remote Login Protocol | ssh | |
| 25 | smtp | Simple Mail Transfer | smtp | |
| 465 | smtps | smtp protocol over TLS/SSL (was ssmtp) | smtp over ssl | |
| 587 | submission | Submission | smtp | |
| 906 | unknown | unknown | imap over ssl | |
| 993 | imaps | imap4 protocol over TLS/SSL | imap over ssl | |
| Severity | Title | Port/Service |
| 1 | ICMP Replies Received | |
We have sent the following types of packets to trigger the host to send us ICMP replies:
Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)
Listed in the "Result" section are the ICMP replies that we have received.
| ICMP Reply Type | Triggered By | Additional Information |
| Echo (type=0 code=0) | Echo Request | Echo Reply |
| Time Stamp (type=14 code=0) | Time Stamp Request | 16:14:13 GMT |
| Unreachable (type=3 code=10) | (Various) | Destination Host Prohibited |
| Severity | Title | Port/Service |
| 1 | Degree of Randomness of TCP Initial Sequence Numbers | |
| 1 | IP ID Values Randomness | |
Please note that for reliability reasons only the network traffic from open TCP ports is analyzed.
| Severity | Title | Port/Service |
| 1 | Unix User List | |
| 1 | "At" Command Configuration | |
The superuser may use these commands in any case. For other users, permission to use the "at" command is determined by the files /etc/at.allow and /etc/at.deny.
If the file /etc/at.allow exists, only usernames mentioned in the file are allowed to use the "at" command. If /etc/at.allow does not exist, /etc/at.deny is checked, and every username not mentioned in it is then allowed to use the "at" command. If neither file exists, only the superuser is allowed use of the "at" command. An empty /etc/at.deny means that all users are allowed access. This is the default configuration.
Note: The Results section is formatted in the following way: It first lists the "ls -la" permissions of any /etc/at.allow or /etc/at.deny files on the target. If present, the contents of the files are "cat"ed (at.deny is typically empty, so it will show up as white space). If the "ls -la" line and the contents of the corresponding file are not shown, it means the file does not exist on the target.
| Severity | Title | Port/Service |
| 1 | Linux - Network Parameter - tcp_max_syn_backlog Value | |
This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.tcp_max_syn_backlog = 4096
| Severity | Title | Port/Service |
| 1 | Linux - Network Parameter - rp_filter Value | |
The conf/all/rp_filter value is boolean:
0 - No source validation.
1 - Do source validation.
This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
| Severity | Title | Port/Service |
| 1 | Linux - Network Parameter - accept_source_route Value | |
The conf/all/accept_source_route value is boolean:
0 - Do not accept packets
1 - Accept packets
This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
| Severity | Title | Port/Service |
| 1 | Linux - Network Parameter - accept_redirects Value | |
The conf/all/accept_redirects value is boolean:
0 - Do not accept ICMP redirect messages.
1 - Accept ICMP redirect messages.
This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
| Severity | Title | Port/Service |
| 1 | Linux - Network Parameter - secure_redirects Value | |
The conf/all/secure_redirects value is boolean:
0 - Accept ICMP redirect messages from any host.
1 - Accept ICMP redirect messages from gateways listed in default gateway list.
This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
| Severity | Title | Port/Service |
| 1 | Unix Environment Variables | |
| 1 | File System Information | |
| 1 | Hard Drive Device Information | |
| 1 | Disk Usage Information | |
| 1 | Processor Information for Unix Target | |
| 1 | Memory Information | |
| 1 | cron.allow File Does Not Exist | |
The cron daemon runs shell commands at specified dates and times. It is executed upon system initialization and remains active while the system is operating in multi-user mode.
When the crontab command is invoked, it examines the files "cron.deny" and "cron.allow" in the system's cron directory to grant or revoke the modification of the crontab spool file. If a username appears in the "cron.allow" file, the crontab command may be executed. If that file does not exist and the user's name does not appear in the "cron.deny" file, then cron can be used.
| Severity | Title | Port/Service |
| 1 | daemon.notice Entry Missing in syslog.conf | |
daemon.notice[Tab]logfile
ensures that all conditions involving daemons (such as ftpd) that are not error conditions are logged in a logfile. This entry was found to be missing from the syslog.conf file.
| Severity | Title | Port/Service |
| 1 | Kernel Routing Tables Information | |
| 1 | Host File Information | |
| 1 | SSL Server Information Retrieval | port 25/tcp over SSL |
The following is a list of supported SSL ciphers.
Note: If a cipher is included in this list, it means that it was possible to establish an SSL connection using that cipher. Some web server setups allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-LOW grade cipher. In this case, even though the LOW grade cipher will be listed here, QID 38140 will not be reported.
| Severity | Title | Port/Service |
| 1 | SSL Session Caching Information | port 25/tcp over SSL |
This test determines if SSL session caching is enabled on the host.
| Severity | Title | Port/Service |
| 1 | TLS Secure Renegotiation Extension Supported | port 25/tcp over SSL |
| 1 | SSL Certificate - Information | port 25/tcp over SSL |
| NAME | VALUE |
| (0)CERTIFICATE 0 | |
| (0)Version | 3 (0x2) |
| (0)Serial Number | 1276797857 (0x4c1a63a1) |
| (0)Signature Algorithm | sha1WithRSAEncryption |
| (0)ISSUER NAME | |
| countryName | US |
| organizationName | "Entrust, Inc." |
| organizationalUnitName | www.entrust.net/rpa is incorporated by reference |
| organizationalUnitName | "(c) 2009 Entrust, Inc." |
| commonName | Entrust Certification Authority - L1C |
| (0)SUBJECT NAME | |
| countryName | US |
| stateOrProvinceName | North Carolina |
| localityName | Chapel Hill |
| organizationName | University of North Carolina at Chapel Hill |
| organizationalUnitName | Cecil G. Sheps Center for Health Services Research |
| commonName | mail.schsr.unc.edu |
| (0)Valid From | May 18 19:54:13 2011 GMT |
| (0)Valid Till | Jul 19 10:22:09 2015 GMT |
| (0)Public Key Algorithm | rsaEncryption |
| (0)RSA Public Key | (2048 bit) |
| (0) | Public-Key: (2048 bit) |
| (0) | Modulus: |
| (0) | Exponent: 65537 (0x10001) |
| (0)X509v3 EXTENSIONS | |
| (0)X509v3 Key Usage | Digital Signature, Key Encipherment |
| (0)X509v3 Extended Key Usage | TLS Web Server Authentication |
| (0)X509v3 CRL Distribution Points | |
| (0) | Full Name: |
| (0) | URI:http://crl.entrust.net/level1c.crl |
| (0)Authority Information Access | OCSP - URI:http://ocsp.entrust.net |
| (0)X509v3 Certificate Policies | Policy: 1.2.840.113533.7.75.2 |
| (0) | CPS: http://www.entrust.net/rpa |
| (0)X509v3 Authority Key Identifier | keyid:1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D |
| (0)X509v3 Subject Key Identifier | D8:71:72:86:61:37:2E:90:E7:80:0E:0A:42:8F:8A:15:83:E1:A6:A8 |
| (0)X509v3 Basic Constraints | CA:FALSE |
| (0)Signature | (256 octets) |
| Severity | Title | Port/Service |
| 1 | SSH daemon information retrieving | port 22/tcp |
For Red Hat ES 4:
SSH1 supported: yes
Supported authentication methods for SSH1: RSA,password
Supported ciphers for SSH1: 3des,blowfish
SSH2 supported: yes
Supported keys exchange algorithm for SSH2: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Supported decryption ciphers for SSH2: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
Supported encryption ciphers for SSH2: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
Supported decryption mac for SSH2: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
Supported encryption mac for SSH2: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
Supported authentication methods for SSH2: publickey,gssapi-with-mic,password
| SSH1 supported | no |
| SSH2 supported | yes |
| Supported keys exchange algorithm for SSH2 | diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1 |
| Supported decryption ciphers for SSH2 | aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se |
| Supported encryption ciphers for SSH2 | aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se |
| Supported decryption mac for SSH2 | hmac-md5, hmac-sha1, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96 |
| Supported encryption mac for SSH2 | hmac-md5, hmac-sha1, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96 |
| Supported authentication methods for SSH2 | password, publickey |
| Severity | Title | Port/Service |
| 1 | SSH Banner | port 22/tcp |
| 1 | Unix Authentication Method | port 22/tcp |
Unix authentication is used to obtain remote access to different command line services such as SSH, telnet and rlogin. Specified credentials must include a user name and may include a password, an RSA private key and/or a DSA private key. When authenticating to target hosts that support SSH2, authentication is attempted in the following order: 1) RSA key, 2) DSA key and 3) user name and password. For target hosts that only support SSH1, only the supplied user name and password are used for authentication.
| User Name | monitor |
| Authentication Scheme | DSA Key |
| Protocol | SSH Version 2 |
| Discovery Method | Login credentials provided by user |
| Using sudo | No |
| Authentication Record | DSA Authentication |
| Severity | Title | Port/Service |
| 1 | SSL Server Information Retrieval | port 993/tcp over SSL |
The following is a list of supported SSL ciphers.
Note: If a cipher is included in this list, it means that it was possible to establish an SSL connection using that cipher. Some web server setups allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-LOW grade cipher. In this case, even though the LOW grade cipher will be listed here, QID 38140 will not be reported.
| CIPHER | KEY-EXCHANGE | AUTHENTICATION | MAC | ENCRYPTION(KEY-STRENGTH) | GRADE |
| SSLv2 PROTOCOL IS ENABLED | | | | | |
| DES-CBC3-MD5 | RSA | RSA | MD5 | 3DES(168) | HIGH |
| RC4-MD5 | RSA | RSA | MD5 | RC4(128) | MEDIUM |
| RC2-CBC-MD5 | RSA | RSA | MD5 | RC2(128) | MEDIUM |
| EXP-RC4-MD5 | RSA(512) | RSA | MD5 | RC4(40) | LOW |
| EXP-RC2-CBC-MD5 | RSA(512) | RSA | MD5 | RC2(40) | LOW |
| DES-CBC-MD5 | RSA | RSA | MD5 | DES(56) | LOW |
| SSLv3 PROTOCOL IS ENABLED | | | | | |
| SSLv3 | COMPRESSION METHOD | None | | | |
| DES-CBC3-MD5 | RSA | RSA | MD5 | 3DES(168) | HIGH |
| RC4-MD5 | RSA | RSA | MD5 | RC4(128) | MEDIUM |
| RC2-CBC-MD5 | RSA | RSA | MD5 | RC2(128) | MEDIUM |
| EXP-RC4-MD5 | RSA(512) | RSA | MD5 | RC4(40) | LOW |
| EXP-RC2-CBC-MD5 | RSA(512) | RSA | MD5 | RC2(40) | LOW |
| DES-CBC-MD5 | RSA | RSA | MD5 | DES(56) | LOW |
| AES256-SHA | RSA | RSA | SHA1 | AES(256) | HIGH |
| DES-CBC3-SHA | RSA | RSA | SHA1 | 3DES(168) | HIGH |
| AES128-SHA | RSA | RSA | SHA1 | AES(128) | MEDIUM |
| RC4-SHA | RSA | RSA | SHA1 | RC4(128) | MEDIUM |
| DES-CBC-SHA | RSA | RSA | SHA1 | DES(56) | LOW |
| EXP-DES-CBC-SHA | RSA(512) | RSA | SHA1 | DES(40) | LOW |
| TLSv1 PROTOCOL IS ENABLED | | | | | |
| TLSv1 | COMPRESSION METHOD | None | | | |
| DES-CBC3-MD5 | RSA | RSA | MD5 | 3DES(168) | HIGH |
| RC4-MD5 | RSA | RSA | MD5 | RC4(128) | MEDIUM |
| RC2-CBC-MD5 | RSA | RSA | MD5 | RC2(128) | MEDIUM |
| EXP-RC4-MD5 | RSA(512) | RSA | MD5 | RC4(40) | LOW |
| EXP-RC2-CBC-MD5 | RSA(512) | RSA | MD5 | RC2(40) | LOW |
| DES-CBC-MD5 | RSA | RSA | MD5 | DES(56) | LOW |
| AES256-SHA | RSA | RSA | SHA1 | AES(256) | HIGH |
| DES-CBC3-SHA | RSA | RSA | SHA1 | 3DES(168) | HIGH |
| AES128-SHA | RSA | RSA | SHA1 | AES(128) | MEDIUM |
| RC4-SHA | RSA | RSA | SHA1 | RC4(128) | MEDIUM |
| DES-CBC-SHA | RSA | RSA | SHA1 | DES(56) | LOW |
| EXP-DES-CBC-SHA | RSA(512) | RSA | SHA1 | DES(40) | LOW |
| Severity | Title | Port/Service |
| 1 | SSL Session Caching Information | port 993/tcp over SSL |
This test determines if SSL session caching is enabled on the host.
| Severity | Title | Port/Service |
| 1 | SSL/TLS invalid protocol version tolerance | port 993/tcp over SSL |
| my version | target version |
| 0304 | 0301 |
| 0399 | 0301 |
| 0400 | rejected |
| 0499 | rejected |
| Severity | Title | Port/Service |
| 1 | TLS Secure Renegotiation Extension Supported | port 993/tcp over SSL |
| 1 | SSL Certificate - Information | port 993/tcp over SSL |
| NAME | VALUE |
| (0)CERTIFICATE 0 | |
| (0)Version | 3 (0x2) |
| (0)Serial Number | 1276797857 (0x4c1a63a1) |
| (0)Signature Algorithm | sha1WithRSAEncryption |
| (0)ISSUER NAME | |
| countryName | US |
| organizationName | "Entrust, Inc." |
| organizationalUnitName | www.entrust.net/rpa is incorporated by reference |
| organizationalUnitName | "(c) 2009 Entrust, Inc." |
| commonName | Entrust Certification Authority - L1C |
| (0)SUBJECT NAME | |
| countryName | US |
| stateOrProvinceName | North Carolina |
| localityName | Chapel Hill |
| organizationName | University of North Carolina at Chapel Hill |
| organizationalUnitName | Cecil G. Sheps Center for Health Services Research |
| commonName | mail.schsr.unc.edu |
| (0)Valid From | May 18 19:54:13 2011 GMT |
| (0)Valid Till | Jul 19 10:22:09 2015 GMT |
| (0)Public Key Algorithm | rsaEncryption |
| (0)RSA Public Key | (2048 bit) |
| (0) | Public-Key: (2048 bit) |
| (0) | Modulus: |
| (0) | Exponent: 65537 (0x10001) |
| (0)X509v3 EXTENSIONS | |
| (0)X509v3 Key Usage | Digital Signature, Key Encipherment |
| (0)X509v3 Extended Key Usage | TLS Web Server Authentication |
| (0)X509v3 CRL Distribution Points | |
| (0) | Full Name: |
| (0) | URI:http://crl.entrust.net/level1c.crl |
| (0)Authority Information Access | OCSP - URI:http://ocsp.entrust.net |
| (0)X509v3 Certificate Policies | Policy: 1.2.840.113533.7.75.2 |
| (0) | CPS: http://www.entrust.net/rpa |
| (0)X509v3 Authority Key Identifier | keyid:1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D |
| (0)X509v3 Subject Key Identifier | D8:71:72:86:61:37:2E:90:E7:80:0E:0A:42:8F:8A:15:83:E1:A6:A8 |
| (0)X509v3 Basic Constraints | CA:FALSE |
| (0)Signature | (256 octets) |
| (1)CERTIFICATE 1 | |
| (1)Version | 3 (0x2) |
| (1)Serial Number | 946072060 (0x3863e9fc) |
| (1)Signature Algorithm | sha1WithRSAEncryption |
| (1)ISSUER NAME | |
| organizationName | Entrust.net |
| organizationalUnitName | www.entrust.net/CPS 2048 incorp. by ref. (limits liab.) |
| organizationalUnitName | (c) 1999 Entrust.net Limited |
| commonName | Entrust.net Certification Authority (2048) |
| (1)SUBJECT NAME | |
| countryName | US |
| organizationName | "Entrust, Inc." |
| organizationalUnitName | www.entrust.net/rpa is incorporated by reference |
| organizationalUnitName | "(c) 2009 Entrust, Inc." |
| commonName | Entrust Certification Authority - L1C |
| (1)Valid From | Dec 10 20:43:54 2009 GMT |
| (1)Valid Till | Dec 10 21:13:54 2019 GMT |
| (1)Public Key Algorithm | rsaEncryption |
| (1)RSA Public Key | (2048 bit) |
| (1) | Public-Key: (2048 bit) |
| (1) | Modulus: |
| (1) | Exponent: 65537 (0x10001) |
| (1)X509v3 EXTENSIONS | |
| (1)X509v3 Key Usage | critical |
| (1) | Certificate Sign, CRL Sign |
| (1)X509v3 Basic Constraints | critical |
| (1) | CA:TRUE |
| (1)Authority Information Access | OCSP - URI:http://ocsp.entrust.net |
| (1)X509v3 CRL Distribution Points | |
| (1) | Full Name: |
| (1) | URI:http://crl.entrust.net/2048ca.crl |
| (1)X509v3 Certificate Policies | Policy: X509v3 Any Policy |
| (1) | CPS: http://www.entrust.net/rpa |
| (1)X509v3 Subject Key Identifier | 1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D |
| (1)X509v3 Authority Key Identifier | keyid:55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70 |
| (1)Signature | (256 octets) |
| (2)CERTIFICATE 2 | |
| (2)Version | 3 (0x2) |
| (2)Serial Number | 946069240 (0x3863def8) |
| (2)Signature Algorithm | sha1WithRSAEncryption |
| (2)ISSUER NAME | |
| organizationName | Entrust.net |
| organizationalUnitName | www.entrust.net/CPS 2048 incorp. by ref. (limits liab.) |
| organizationalUnitName | (c) 1999 Entrust.net Limited |
| commonName | Entrust.net Certification Authority (2048) |
| (2)SUBJECT NAME | |
| organizationName | Entrust.net |
| organizationalUnitName | www.entrust.net/CPS 2048 incorp. by ref. (limits liab.) |
| organizationalUnitName | (c) 1999 Entrust.net Limited |
| commonName | Entrust.net Certification Authority (2048) |
| (2)Valid From | Dec 24 17:50:51 1999 GMT |
| (2)Valid Till | Jul 24 14:15:12 2029 GMT |
| (2)Public Key Algorithm | rsaEncryption |
| (2)RSA Public Key | (2048 bit) |
| (2) | Public-Key: (2048 bit) |
| (2) | Modulus: |
| (2) | Exponent: 65537 (0x10001) |
| (2)X509v3 EXTENSIONS | |
| (2)X509v3 Key Usage | critical |
| (2) | Certificate Sign, CRL Sign |
| (2)X509v3 Basic Constraints | critical |
| (2) | CA:TRUE |
| (2)X509v3 Subject Key Identifier | 55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70 |
| (2)Signature | (256 octets) |
| Severity | Title | Port/Service |
| 1 | SSL Server Information Retrieval | port 465/tcp over SSL |
The following is a list of supported SSL ciphers.
Note: If a cipher is included in this list it means that it was
possible to establish an SSL connection using that cipher. There are some
web server setups that allow connections to be established using a LOW
grade cipher, only to provide a web page stating that the URL is
accessible only through a non-LOW grade cipher. In this case even though
the LOW grade cipher will be listed here QID 38140 will not be reported.
| Severity | Title | Port/Service |
| 1 | SSL Session Caching Information | port 465/tcp over SSL |
This test determines if SSL session caching is enabled on the host.
| Severity | Title | Port/Service |
| 1 | SSL/TLS invalid protocol version tolerance | port 465/tcp over SSL |
| my version | target version |
| 0304 | 0301 |
| 0399 | 0301 |
| 0400 | rejected |
| 0499 | rejected |
| Severity | Title | Port/Service |
| 1 | TLS Secure Renegotiation Extension Supported | port 465/tcp over SSL |
| Severity | Title | Port/Service |
| 1 | SSL Certificate - Information | port 465/tcp over SSL |
| NAME | VALUE |
| (0)CERTIFICATE 0 | |
| (0)Version | 3 (0x2) |
| (0)Serial Number | 1276797857 (0x4c1a63a1) |
| (0)Signature Algorithm | sha1WithRSAEncryption |
| (0)ISSUER NAME | |
| countryName | US |
| organizationName | "Entrust, Inc." |
| organizationalUnitName | www.entrust.net/rpa is incorporated by reference |
| organizationalUnitName | "(c) 2009 Entrust, Inc." |
| commonName | Entrust Certification Authority - L1C |
| (0)SUBJECT NAME | |
| countryName | US |
| stateOrProvinceName | North Carolina |
| localityName | Chapel Hill |
| organizationName | University of North Carolina at Chapel Hill |
| organizationalUnitName | Cecil G. Sheps Center for Health Services Research |
| commonName | mail.schsr.unc.edu |
| (0)Valid From | May 18 19:54:13 2011 GMT |
| (0)Valid Till | Jul 19 10:22:09 2015 GMT |
| (0)Public Key Algorithm | rsaEncryption |
| (0)RSA Public Key | (2048 bit) |
| (0) | Public-Key: (2048 bit) |
| (0) | Modulus: |
| (0) | Exponent: 65537 (0x10001) |
| (0)X509v3 EXTENSIONS | |
| (0)X509v3 Key Usage | Digital Signature, Key Encipherment |
| (0)X509v3 Extended Key Usage | TLS Web Server Authentication |
| (0)X509v3 CRL Distribution Points | |
| (0) | Full Name: |
| (0) | URI:http://crl.entrust.net/level1c.crl |
| (0)Authority Information Access | OCSP - URI:http://ocsp.entrust.net |
| (0)X509v3 Certificate Policies | Policy: 1.2.840.113533.7.75.2 |
| (0) | CPS: http://www.entrust.net/rpa |
| (0)X509v3 Authority Key Identifier | keyid:1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D |
| (0)X509v3 Subject Key Identifier | D8:71:72:86:61:37:2E:90:E7:80:0E:0A:42:8F:8A:15:83:E1:A6:A8 |
| (0)X509v3 Basic Constraints | CA:FALSE |
| (0)Signature | (256 octets) |
| Severity | Title | Port/Service |
| 1 | SSL Server Information Retrieval | port 587/tcp over SSL |
The following is a list of supported SSL ciphers.
Note: If a cipher is included in this list it means that it was
possible to establish an SSL connection using that cipher. There are some
web server setups that allow connections to be established using a LOW
grade cipher, only to provide a web page stating that the URL is
accessible only through a non-LOW grade cipher. In this case even though
the LOW grade cipher will be listed here QID 38140 will not be reported.
| Severity | Title | Port/Service |
| 1 | SSL Session Caching Information | port 587/tcp over SSL |
This test determines if SSL session caching is enabled on the host.
| Severity | Title | Port/Service |
| 1 | TLS Secure Renegotiation Extension Supported | port 587/tcp over SSL |
| Severity | Title | Port/Service |
| 1 | SSL Certificate - Information | port 587/tcp over SSL |
| NAME | VALUE |
| (0)CERTIFICATE 0 | |
| (0)Version | 3 (0x2) |
| (0)Serial Number | 1276797857 (0x4c1a63a1) |
| (0)Signature Algorithm | sha1WithRSAEncryption |
| (0)ISSUER NAME | |
| countryName | US |
| organizationName | "Entrust, Inc." |
| organizationalUnitName | www.entrust.net/rpa is incorporated by reference |
| organizationalUnitName | "(c) 2009 Entrust, Inc." |
| commonName | Entrust Certification Authority - L1C |
| (0)SUBJECT NAME | |
| countryName | US |
| stateOrProvinceName | North Carolina |
| localityName | Chapel Hill |
| organizationName | University of North Carolina at Chapel Hill |
| organizationalUnitName | Cecil G. Sheps Center for Health Services Research |
| commonName | mail.schsr.unc.edu |
| (0)Valid From | May 18 19:54:13 2011 GMT |
| (0)Valid Till | Jul 19 10:22:09 2015 GMT |
| (0)Public Key Algorithm | rsaEncryption |
| (0)RSA Public Key | (2048 bit) |
| (0) | Public-Key: (2048 bit) |
| (0) | Modulus: |
| (0) | Exponent: 65537 (0x10001) |
| (0)X509v3 EXTENSIONS | |
| (0)X509v3 Key Usage | Digital Signature, Key Encipherment |
| (0)X509v3 Extended Key Usage | TLS Web Server Authentication |
| (0)X509v3 CRL Distribution Points | |
| (0) | Full Name: |
| (0) | URI:http://crl.entrust.net/level1c.crl |
| (0)Authority Information Access | OCSP - URI:http://ocsp.entrust.net |
| (0)X509v3 Certificate Policies | Policy: 1.2.840.113533.7.75.2 |
| (0) | CPS: http://www.entrust.net/rpa |
| (0)X509v3 Authority Key Identifier | keyid:1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D |
| (0)X509v3 Subject Key Identifier | D8:71:72:86:61:37:2E:90:E7:80:0E:0A:42:8F:8A:15:83:E1:A6:A8 |
| (0)X509v3 Basic Constraints | CA:FALSE |
| (0)Signature | (256 octets) |
| Severity | Title | Port/Service |
| 1 | SSL Server Information Retrieval | port 906/tcp over SSL |
The following is a list of supported SSL ciphers.
Note: If a cipher is included in this list it means that it was
possible to establish an SSL connection using that cipher. There are some
web server setups that allow connections to be established using a LOW
grade cipher, only to provide a web page stating that the URL is
accessible only through a non-LOW grade cipher. In this case even though
the LOW grade cipher will be listed here QID 38140 will not be reported.
| CIPHER | KEY-EXCHANGE | AUTHENTICATION | MAC | ENCRYPTION(KEY-STRENGTH) | GRADE |
| SSLv2 PROTOCOL IS ENABLED | | | | | |
| DES-CBC3-MD5 | RSA | RSA | MD5 | 3DES(168) | HIGH |
| RC4-MD5 | RSA | RSA | MD5 | RC4(128) | MEDIUM |
| RC2-CBC-MD5 | RSA | RSA | MD5 | RC2(128) | MEDIUM |
| EXP-RC4-MD5 | RSA(512) | RSA | MD5 | RC4(40) | LOW |
| EXP-RC2-CBC-MD5 | RSA(512) | RSA | MD5 | RC2(40) | LOW |
| DES-CBC-MD5 | RSA | RSA | MD5 | DES(56) | LOW |
| SSLv3 PROTOCOL IS ENABLED | | | | | |
| SSLv3 | COMPRESSION METHOD | None | | | |
| DES-CBC3-MD5 | RSA | RSA | MD5 | 3DES(168) | HIGH |
| RC4-MD5 | RSA | RSA | MD5 | RC4(128) | MEDIUM |
| RC2-CBC-MD5 | RSA | RSA | MD5 | RC2(128) | MEDIUM |
| EXP-RC4-MD5 | RSA(512) | RSA | MD5 | RC4(40) | LOW |
| EXP-RC2-CBC-MD5 | RSA(512) | RSA | MD5 | RC2(40) | LOW |
| DES-CBC-MD5 | RSA | RSA | MD5 | DES(56) | LOW |
| Severity | Title | Port/Service |
| 1 | SSL Session Caching Information | port 906/tcp over SSL |
This test determines if SSL session caching is enabled on the host.
| Severity | Title | Port/Service |
| 1 | SSL/TLS invalid protocol version tolerance | port 906/tcp over SSL |
| my version | target version |
| 0304 | 0301 |
| 0399 | 0301 |
| 0400 | rejected |
| 0499 | rejected |
| Severity | Title | Port/Service |
| 1 | TLS Secure Renegotiation Extension Supported | port 906/tcp over SSL |
| Severity | Title | Port/Service |
| 1 | SSL Certificate - Information | port 906/tcp over SSL |
| NAME | VALUE |
| (0)CERTIFICATE 0 | |
| (0)Version | 3 (0x2) |
| (0)Serial Number | 1276797857 (0x4c1a63a1) |
| (0)Signature Algorithm | sha1WithRSAEncryption |
| (0)ISSUER NAME | |
| countryName | US |
| organizationName | "Entrust, Inc." |
| organizationalUnitName | www.entrust.net/rpa is incorporated by reference |
| organizationalUnitName | "(c) 2009 Entrust, Inc." |
| commonName | Entrust Certification Authority - L1C |
| (0)SUBJECT NAME | |
| countryName | US |
| stateOrProvinceName | North Carolina |
| localityName | Chapel Hill |
| organizationName | University of North Carolina at Chapel Hill |
| organizationalUnitName | Cecil G. Sheps Center for Health Services Research |
| commonName | mail.schsr.unc.edu |
| (0)Valid From | May 18 19:54:13 2011 GMT |
| (0)Valid Till | Jul 19 10:22:09 2015 GMT |
| (0)Public Key Algorithm | rsaEncryption |
| (0)RSA Public Key | (2048 bit) |
| (0) | Public-Key: (2048 bit) |
| (0) | Modulus: |
| (0) | Exponent: 65537 (0x10001) |
| (0)X509v3 EXTENSIONS | |
| (0)X509v3 Key Usage | Digital Signature, Key Encipherment |
| (0)X509v3 Extended Key Usage | TLS Web Server Authentication |
| (0)X509v3 CRL Distribution Points | |
| (0) | Full Name: |
| (0) | URI:http://crl.entrust.net/level1c.crl |
| (0)Authority Information Access | OCSP - URI:http://ocsp.entrust.net |
| (0)X509v3 Certificate Policies | Policy: 1.2.840.113533.7.75.2 |
| (0) | CPS: http://www.entrust.net/rpa |
| (0)X509v3 Authority Key Identifier | keyid:1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D |
| (0)X509v3 Subject Key Identifier | D8:71:72:86:61:37:2E:90:E7:80:0E:0A:42:8F:8A:15:83:E1:A6:A8 |
| (0)X509v3 Basic Constraints | CA:FALSE |
| (0)Signature | (256 octets) |
| (1)CERTIFICATE 1 | |
| (1)Version | 3 (0x2) |
| (1)Serial Number | 946072060 (0x3863e9fc) |
| (1)Signature Algorithm | sha1WithRSAEncryption |
| (1)ISSUER NAME | |
| organizationName | Entrust.net |
| organizationalUnitName | www.entrust.net/CPS 2048 incorp. by ref. (limits liab.) |
| organizationalUnitName | (c) 1999 Entrust.net Limited |
| commonName | Entrust.net Certification Authority (2048) |
| (1)SUBJECT NAME | |
| countryName | US |
| organizationName | "Entrust, Inc." |
| organizationalUnitName | www.entrust.net/rpa is incorporated by reference |
| organizationalUnitName | "(c) 2009 Entrust, Inc." |
| commonName | Entrust Certification Authority - L1C |
| (1)Valid From | Dec 10 20:43:54 2009 GMT |
| (1)Valid Till | Dec 10 21:13:54 2019 GMT |
| (1)Public Key Algorithm | rsaEncryption |
| (1)RSA Public Key | (2048 bit) |
| (1) | Public-Key: (2048 bit) |
| (1) | Modulus: |
| (1) | Exponent: 65537 (0x10001) |
| (1)X509v3 EXTENSIONS | |
| (1)X509v3 Key Usage | critical |
| (1) | Certificate Sign, CRL Sign |
| (1)X509v3 Basic Constraints | critical |
| (1) | CA:TRUE |
| (1)Authority Information Access | OCSP - URI:http://ocsp.entrust.net |
| (1)X509v3 CRL Distribution Points | |
| (1) | Full Name: |
| (1) | URI:http://crl.entrust.net/2048ca.crl |
| (1)X509v3 Certificate Policies | Policy: X509v3 Any Policy |
| (1) | CPS: http://www.entrust.net/rpa |
| (1)X509v3 Subject Key Identifier | 1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D |
| (1)X509v3 Authority Key Identifier | keyid:55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70 |
| (1)Signature | (256 octets) |
| (2)CERTIFICATE 2 | |
| (2)Version | 3 (0x2) |
| (2)Serial Number | 946069240 (0x3863def8) |
| (2)Signature Algorithm | sha1WithRSAEncryption |
| (2)ISSUER NAME | |
| organizationName | Entrust.net |
| organizationalUnitName | www.entrust.net/CPS 2048 incorp. by ref. (limits liab.) |
| organizationalUnitName | (c) 1999 Entrust.net Limited |
| commonName | Entrust.net Certification Authority (2048) |
| (2)SUBJECT NAME | |
| organizationName | Entrust.net |
| organizationalUnitName | www.entrust.net/CPS 2048 incorp. by ref. (limits liab.) |
| organizationalUnitName | (c) 1999 Entrust.net Limited |
| commonName | Entrust.net Certification Authority (2048) |
| (2)Valid From | Dec 24 17:50:51 1999 GMT |
| (2)Valid Till | Jul 24 14:15:12 2029 GMT |
| (2)Public Key Algorithm | rsaEncryption |
| (2)RSA Public Key | (2048 bit) |
| (2) | Public-Key: (2048 bit) |
| (2) | Modulus: |
| (2) | Exponent: 65537 (0x10001) |
| (2)X509v3 EXTENSIONS | |
| (2)X509v3 Key Usage | critical |
| (2) | Certificate Sign, CRL Sign |
| (2)X509v3 Basic Constraints | critical |
| (2) | CA:TRUE |
| (2)X509v3 Subject Key Identifier | 55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70 |
| (2)Signature | (256 octets) |
| Severity | Title | Port/Service |
| 4 | OpenSSH Signal Handling Vulnerability | |
The following security vulnerabilities have been identified in OpenSSH:
- A signal handler race condition in OpenSSH before Version 4.4 can be exploited to cause a crash, and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. (CVE-2006-5051)
- A denial of service vulnerability exists in sshd in OpenSSH before Version 4.4, when using the SSH protocol Version 1, because it does not properly handle duplicate incoming blocks. This can be exploited by a remote attacker to cause sshd to consume a large quantity of CPU resources. (CVE-2006-4924)
Several vendors have issued fixes to resolve this issue. Below are links to the advisories which contain patch download information.
Debian GNU/Linux:
http://www.debian.org/security/2006/dsa-1189
Red Hat Linux:
http://rhn.redhat.com/errata/RHSA-2006-0697.html
SuSE Linux:
http://www.novell.com/linux/security/advisories/2006_62_openssh.html
Sun Microsystems:
https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1000947.1 (registration required)
Mandriva:
http://www.mandriva.com/security/advisories?name=MDKSA-2006:179
HP has released a patch to address this issue. Refer to HP's technical support document HPSBUX02178 (registration required) for further details.
Ubuntu:
http://www.ubuntu.com/usn/usn-355-1
VMware ESX Server
For ESX 3.0.0: Patch 3069097
For ESX 3.0.1: Patch 9986131
For other distributions:
Please contact your vendor for upgrade or patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Severity | Title | Port/Service |
| 3 | OpenSSH Plaintext Recovery Attack Against SSH Vulnerability | |
OpenSSH is prone to a plain text recovery attack. The issue is in the SSH protocol specification itself and exists in Secure Shell (SSH) software when used with CBC-mode ciphers.
Affected Versions:
OpenSSH Version 5.1 and earlier.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Severity | Title | Port/Service |
| 3 | OpenSSH X11 Hijacking Attack Vulnerability | |
OpenSSH is prone to a vulnerability that allows attackers to hijack forwarded X connections. Successfully exploiting this issue may allow an attacker to run arbitrary shell commands.
Affected Versions:
OpenSSH Versions prior to 5.0 are vulnerable.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Severity | Title | Port/Service |
| 3 | OpenSSH Version 4.6 and Prior X11 Cookie Privilege Escalation Vulnerability | |
OpenSSH is prone to a privilege escalation vulnerability because Trusted X11 cookies are created when untrusted cookies cannot be created.
OpenSSH, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists.
Affected Versions:
OpenSSH Versions prior to 4.7 are vulnerable.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Severity | Title | Port/Service |
| 3 | OpenSSH X11 Forwarding Information Disclosure | |
OpenSSH is exposed to an information disclosure vulnerability caused by an error when binding to previously bound ports that have the SO_REUSEADDR option enabled and the sshd_config X11UseLocalhost option set to no.
Affected Versions:
OpenSSH Versions prior to 5.1 are vulnerable.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Severity | Title | Port/Service |
| 3 | OpenSSH Commands Information Disclosure Vulnerability | |
Openssh-server could allow a remote attacker to obtain sensitive information because of the improper handling of forced commands.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Severity | Title | Port/Service |
| 3 | OpenSSH J-PAKE Session Key Retrieval Vulnerability | |
OpenSSH, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol. This allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.
Affected Software:
OpenSSH versions 5.6 and prior.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Severity | Title | Port/Service |
| 3 | OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Vulnerability | |
An information disclosure weakness exists in portable OpenSSH. When running on some platforms, OpenSSH allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."
Affected Versions:
OpenSSH Versions prior to 4.4.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Severity | Title | Port/Service |
| 2 | OpenSSH ForceCommand Bypass Vulnerability | |
OpenSSH is prone to a security bypass vulnerability caused by an improper implementation of the "ForceCommand" directive. This can be exploited to execute arbitrary commands via the ~/.ssh/rc file even if a "ForceCommand" directive is in effect.
Affected Software:
OpenSSH 4.x Versions prior to 4.9 are affected.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Severity | Title | Port/Service |
| 2 | OpenSSH Privilege Separation Monitor Vulnerability | |
OpenSSH is prone to a privilege escalation vulnerability caused by an error within the privilege separation monitor, which may weaken the authentication process.
Affected Software:
OpenSSH versions prior to 4.5 are affected.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Severity | Title | Port/Service |
| 3 | Remote Access or Management Service Detected | |
The Results section includes information on the remote access service that was found on the target.
Services like Telnet, Rlogin, SSH, Windows Remote Desktop, pcAnywhere, Citrix Management Console, Remote Admin (RAdmin), VNC, OPENVPN and ISAKMP are checked.
| Severity | Title | Port/Service |
| 2 | Operating System Detected | |
1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating system TCP/IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this "fingerprinting" technique, the OS version is among those listed below.
Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the version of the operating system detected may be that for the firewall instead of for the host being scanned.
2) NetBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. NetBIOS relies on a message format called Server Message Block (SMB).
3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTML-embedded scripting language used to create dynamic Web pages. Under some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information.
4) SNMP: The Simple Network Management Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service maintains a Management Information Base (MIB), a set of variables (database) that can be fetched by Managers. These include "MIB_II.system.sysDescr" for the operating system.
| Operating System | Technique | ID |
| Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP | TCP/IP Fingerprint | U1141:22 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
DNS Host Name |
| IP address | Host name |
| 152.2.35.186 | s186.schsr.unc.edu |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Firewall Detected |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Target Network Information |
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Internet Service Provider |
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information. This information was gathered using the WHOIS service for the network and is believed to be the ISP of the target network.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Traceroute |
| Hops | IP | Round Trip Time | Probe |
| 1 | 152.2.20.1 | 0.63ms | ICMP |
| 2 | 152.19.253.106 | 1.18ms | ICMP |
| 3 | 152.19.255.17 | 0.99ms | ICMP |
| 4 | 152.19.255.210 | 1.64ms | ICMP |
| 5 | 152.2.35.186 | 1.15ms | ICMP |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Host Scan Time |
The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Host Names Found |
| Host Name | Source |
| s186.schsr.unc.edu | FQDN |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Open TCP Services List |
The Results section displays the port number (Port), the default service listening on the port (IANA Assigned Ports/Services), the description of the service (Description) and the service that the scanner detected using service discovery (Service Detected).
| Port | IANA Assigned Ports/Services | Description | Service Detected | OS On Redirected Port |
| 22 | ssh | SSH Remote Login Protocol | ssh |
| Expand | Severity | Title | Port/Service |
|
|
1
|
ICMP Replies Received |
We have sent the following types of packets to trigger the host to send us ICMP replies:
Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)
Listed in the "Result" section are the ICMP replies that we have received.
| ICMP Reply Type | Triggered By | Additional Information |
| Echo (type=0 code=0) | Echo Request | Echo Reply |
| Time Stamp (type=14 code=0) | Time Stamp Request | 19:37:53 GMT |
| Unreachable (type=3 code=10) | (Various) | Destination Host Prohibited |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Degree of Randomness of TCP Initial Sequence Numbers |
| Expand | Severity | Title | Port/Service |
|
|
1
|
IP ID Values Randomness |
Please note that for reliability reasons only the network traffic from open TCP ports is analyzed.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Unix Authentication Failed |
Unix authentication is used to obtain remote access to different command line services such as SSH, telnet and rlogin. Specified credentials must include a user name and may include a password, an RSA private key and/or DSA private key.
| Service | SSH |
| User Name | monitor |
| Authentication Record | DSA Authentication |
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSH daemon information retrieving | port 22/tcp |
For Red Hat ES 4:
SSH1 supported: yes
Supported authentication methods for SSH1: RSA,password
Supported ciphers for SSH1: 3des,blowfish
SSH2 supported: yes
Supported keys exchange algorithm for SSH2: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Supported decryption ciphers for SSH2: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
Supported encryption ciphers for SSH2: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
Supported decryption mac for SSH2: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
Supported encryption mac for SSH2: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
Supported authentication methods for SSH2: publickey,gssapi-with-mic,password
| SSH1 supported | no |
| SSH2 supported | yes |
| Supported keys exchange algorithm for SSH2 | diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1 |
| Supported decryption ciphers for SSH2 | aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se |
| Supported encryption ciphers for SSH2 | aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se |
| Supported decryption mac for SSH2 | hmac-md5, hmac-sha1, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96 |
| Supported encryption mac for SSH2 | hmac-md5, hmac-sha1, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96 |
| Supported authentication methods for SSH2 | password, publickey |
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSH Banner | port 22/tcp |
| Expand | Severity | Title | Port/Service |
|
|
4
|
Red Hat Update for Kernel (RHSA-2013-0630) |
This update fixes the following security issues:
* A flaw was found in the way the xen_iret() function in the Linux kernel used the DS (the CPU's Data Segment) register. A local, unprivileged user in a 32-bit, para-virtualized Xen hypervisor guest could use this flaw to crash the guest or, potentially, escalate their privileges. (CVE-2013-0228, Important)
* A flaw was found in the way file permission checks for the "/dev/cpu/[x]/msr" files were performed in restricted root environments (for example, when using a capability-based security model). A local user with the ability to write to these files could use this flaw to escalate their privileges to kernel level, for example, by writing to the SYSENTER_EIP_MSR register. (CVE-2013-0268, Important)
Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.
To install packages using the command line interface, use the command "yum update".
Refer to Red Hat security advisory RHSA-2013-0630 to address this issue and obtain further details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86) (python-perf-debuginfo-2.6.32-358.2.1.el6.i686)
RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86) (perf-debuginfo-2.6.32-358.2.1.el6.i686)
RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86) (kernel-debuginfo-2.6.32-358.2.1.el6.i686)
RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86) (kernel-debug-debuginfo-2.6.32-358.2.1.el6.i686)
RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86_64) (perf-debuginfo-2.6.32-358.2.1.el6.x86_64)
RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86_64) (kernel-debuginfo-2.6.32-358.2.1.el6.x86_64)
RHSA-2013-0630: RHEL Server Optional (v. 6 64-bit x86_64) (python-perf-2.6.32-358.2.1.el6.x86_64)
RHSA-2013-0630: RHEL Server Optional (v. 6 IBM System z) (python-perf-2.6.32-358.2.1.el6.s390x)
RHSA-2013-0630: RHEL Server Optional (v. 6 for 32-bit x86) (python-perf-2.6.32-358.2.1.el6.i686)
RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perf-2.6.32-358.2.1.el6.i686)
| Package | Installed Version | Required Version |
| kernel | 2.6.32-358.0.1.el6.x86_64 | 2.6.32-358.2.1.el6 |
| Expand | Severity | Title | Port/Service |
|
|
3
|
Red Hat Update for OpenLDAP (RHSA-2011-0347) |
A flaw was found in the way OpenLDAP handled authentication failures being passed from an OpenLDAP slave to the master. If OpenLDAP was configured with a chain overlay and it forwarded authentication failures, OpenLDAP would bind to the directory as an anonymous user and return success, rather than return failure on the authenticated bind. This could allow a user on a system that uses LDAP for authentication to log into a directory-based account without knowing the password. (CVE-2011-1024)
It was found that the OpenLDAP back-ndb back end allowed successful authentication to the root distinguished name (DN) when any string was provided as a password. A remote user could use this flaw to access an OpenLDAP directory if they knew the value of the root DN. Note: This issue only affected OpenLDAP installations using the NDB back-end, which is only available for Red Hat Enterprise Linux 6 via third-party software. (CVE-2011-1025)
A flaw was found in the way OpenLDAP handled modify relative distinguished name (modrdn) requests. A remote, unauthenticated user could use this flaw to crash an OpenLDAP server via a modrdn request containing an empty old RDN value. (CVE-2011-1081)
Users of OpenLDAP should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the OpenLDAP daemons will be restarted automatically.
Steps on using the Red Hat Network to apply packages are listed as follows:
For Red Hat Enterprise Linux Versions 2.1, 3, and 4, the interactive Update Agent can be launched with the "up2date" command.
For Red Hat Enterprise Linux Version 5, the graphical Update tool can be launched with the "pup" command.
To install packages using the command line interface, use the command "yum update".
Refer to Red Hat security advisory RHSA-2011-0347 to address this issue and obtain further details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
RHSA-2011-0347: RHEL Server Debuginfo (v.6 for x86) (openldap-debuginfo-2.4.19-15.el6_0.2.i686)
RHSA-2011-0347: RHEL Server Debuginfo (v.6 for x86_64) (openldap-debuginfo-2.4.19-15.el6_0.2.x86_64)
RHSA-2011-0347: RHEL Server Debuginfo (v.6 for x86_64) (openldap-debuginfo-2.4.19-15.el6_0.2.i686)
| Package | Installed Version | Required Version |
| compat-openldap | 2.3.43-2.el6.x86_64 | 2.4.19_2.3.43-15.el6_0.2 |
| Expand | Severity | Title | Port/Service |
|
|
3
|
Red Hat Update for Perl (RHSA-2011-1424) |
A heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause the program to crash or, potentially, execute arbitrary code with the permissions of the user running the program. (CVE-2011-2939)
It was found that the "new" constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor. (CVE-2011-3597)
All Perl users should upgrade to these updated packages, which contain backported patches to correct these issues. All running Perl programs must be restarted for this update to take effect.
Steps on using the Red Hat Network to apply packages are listed as follows:
For Red Hat Enterprise Linux Versions 2.1, 3, and 4, the interactive Update Agent can be launched with the "up2date" command.
For Red Hat Enterprise Linux Version 5, the graphical Update tool can be launched with the "pup" command.
To install packages using the command line interface, use the command "yum update".
Refer to Red Hat security advisory RHSA-2011-1424 to address this issue and obtain further details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
RHSA-2011-1424: RHEL Server Debuginfo (v.6 for x86) (perl-debuginfo-5.10.1-119.el6_1.1.i686)
RHSA-2011-1424: RHEL Server Debuginfo (v.6 for x86_64) (perl-debuginfo-5.10.1-119.el6_1.1.x86_64)
RHSA-2011-1424: RHEL Server Debuginfo (v.6 for x86_64) (perl-debuginfo-5.10.1-119.el6_1.1.i686)
RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-5.10.1-119.el6_1.1.i686)
| Package | Installed Version | Required Version |
| perl-Compress-Raw-Zlib | 2.020-129.el6.x86_64 | 2.023-119.el6_1.1 |
| Expand | Severity | Title | Port/Service |
|
|
3
|
Remote Access or Management Service Detected |
The Results section includes information on the remote access service that was found on the target.
Services like Telnet, Rlogin, SSH, Windows Remote Desktop, pcAnywhere, Citrix Management Console, Remote Admin (RAdmin), VNC, OpenVPN and ISAKMP are checked.
| Expand | Severity | Title | Port/Service |
|
|
3
|
Unix Group List |
1) The group name. Group names are fairly arbitrary but it is a good idea to choose group names that express some idea about the function of the group.
2) The group's encrypted password. Group passwords encouraged poor security practices, so most modern Unix systems don't support them.
3) The group's unique numeric ID (GID).
4) All users in the group.
| Expand | Severity | Title | Port/Service |
|
|
3
|
User Home Directory With Non-Restrictive Permissions |
Owner: read, write, execute
Group: read, execute
Other: (No Permission)
| Expand | Severity | Title | Port/Service |
|
|
3
|
RPC Portmapper Information |
| Expand | Severity | Title | Port/Service |
|
|
3
|
Network Filesystem (NFS) Exports Information |
The /etc/exports file is the standard for controlling which filesystems are exported to which hosts, as well as specifying particular control options. Blank lines are ignored, comments can be made using #, and long lines can be wrapped with a backslash (\). Each exported filesystem should be on its own line. Lists of authorized hosts placed after an exported filesystem must be separated by space characters. Options for each of the hosts must be placed in parentheses directly after the host identifier, without any spaces separating the host and the first parenthesis.
Remote NFS clients can access the file systems exported depending on their access rights. The /etc/exports file is listed in the result section.
| Expand | Severity | Title | Port/Service |
|
|
2
|
Operating System Detected |
1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating system TCP/IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this "fingerprinting" technique, the OS version is among those listed below.
Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the version of the operating system detected may be that for the firewall instead of for the host being scanned.
2) NetBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. NetBIOS relies on a message format called Server Message Block (SMB).
3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTML-embedded scripting language used to create dynamic Web pages. Under some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information.
4) SNMP: The Simple Network Management Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service maintains a Management Information Base (MIB), a set of variables (database) that can be fetched by Managers. These include "MIB_II.system.sysDescr" for the operating system.
| Operating System | Technique | ID |
| Red Hat Enterprise Linux Server 6.4 | Unix login | |
| Ubuntu / Linux 2.6.x | TCP/IP Fingerprint | U4856:22 |
| cpe:/o:redhat:red hat enterprise linux:6.4::server: | CPE |
| Expand | Severity | Title | Port/Service |
|
|
2
|
List of Java Related Packages |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Host Uptime Based on TCP TimeStamp Option |
Some operating systems (e.g., MacOS, OpenBSD) use a non-zero, probably random, initial value for the timestamp. For these operating systems, the uptime obtained does not reflect the actual uptime of the host; the former is always larger than the latter.
| Expand | Severity | Title | Port/Service |
|
|
2
|
Unix Users With root UserID |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Unix Users With root GroupID |
| Expand | Severity | Title | Port/Service |
|
|
2
|
List of Home Directories Associated with UserIDs |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Shared Resource List. |
| Expand | Severity | Title | Port/Service |
|
|
2
|
List of Valid Shells |
| Expand | Severity | Title | Port/Service |
|
|
2
|
SU Logging |
| Expand | Severity | Title | Port/Service |
|
|
2
|
root Should Be Specified in Block List for FTP Users |
On Linux, Solaris and Mac - "/etc/ftpusers"
On HP-UX - "/etc/ftpd/ftpusers" or "/etc/ftpd/ftpaccess"
Note: On HP-UX, root permission is required to access /etc/ftpd/ftpusers file.
This vulnerability check requires read permission on the above-mentioned configuration files. Without this permission, the detection may give false results.
| Expand | Severity | Title | Port/Service |
|
|
1
|
DNS Host Name |
| IP address | Host name |
| 152.2.35.191 | s191.schsr.unc.edu |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Firewall Detected |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Target Network Information |
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Internet Service Provider |
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information. This information was gathered using the WHOIS service for the network and is believed to be the ISP of the target network.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Traceroute |
| Hops | IP | Round Trip Time | Probe |
| 1 | 152.2.20.1 | 0.41ms | ICMP |
| 2 | 152.19.253.106 | 12.28ms | ICMP |
| 3 | 152.19.255.17 | 1.04ms | ICMP |
| 4 | 152.19.255.210 | 1.48ms | ICMP |
| 5 | 152.2.35.191 | 0.85ms | ICMP |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Unix Server Information |
| UName | Linux s191.schsr.unc.edu 2.6.32-358.0.1.el6.x86_64 #1 SMP Wed Feb 20 11:05:23 EST 2013 x86_64 x86_64 x86_64 GNU/Linux |
| Operating system | Linux |
| Red Hat Release | Red Hat Enterprise Linux Server release 6.4 (Santiago) |
| Product | Red Hat Enterprise Linux Server |
| Version | 6.4 |
| Vendor | Red Hat |
| CPU | x86_64 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Host Scan Time |
The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Host Names Found |
| Host Name | Source |
| s191.schsr.unc.edu | FQDN |
| s191.schsr.unc.edu | System-configured |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Contents of /etc/issue File |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Network File System (NFS) Statistics |
The results section of this QID prints the NFS statistics.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Linux Kernel Version Running |
Red Hat Linux
Oracle Enterprise Linux
Suse
Fedora
Debian
Ubuntu
CentOS
| Expand | Severity | Title | Port/Service |
|
|
1
|
Installed Kernel rpm List for Red Hat and Oracle Enterprise Linux |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Contents of rsyslog.conf File |
rsyslog.conf is backward compatible with sysklogd's syslog.conf file.
| Expand | Severity | Title | Port/Service |
|
|
1
|
"daemon.notice" Entry Missing in rsyslog.conf file |
daemon.notice [Tab] <path to logfile>
ensures that all conditions involving daemons (such as ftpd) that are not error conditions are logged in the specified log file.
This entry was found to be missing from the rsyslog.conf file on the target.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Java Version Detected |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Python Installed on Host |
Note: For Windows Systems
To get the exact version of Python installed on the target, look for the string followed by '#define PY_VERSION' in the result section. A target can have more than one version of Python installed.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Java Runtime Environment 1.6 Installed |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Installed Packages on Unix and Linux Operating Systems |
Supported Unix or Linux Operating Systems:
RedHat Linux
CentOS
Suse
Fedora
Oracle Enterprise Linux
Debian
Ubuntu
IBM AIX
Solaris
Mac OS X
NOTE: If the system has more than 200 packages, this QID lists only the first 200 packages.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Ruby Installed on Host |
Ruby is installed on the target host.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Internet Protocol version 6 (IPv6) Enabled on Target Host |
This QID uses the registry key mentioned in Microsoft KB929852 to determine if IPv6 is enabled.
The detection works in the following way:
1) For Windows 2000, XP, 2003:
-- It checks for the existence of the key "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters"
2) For Windows Vista or 2008 or Windows 7 or Windows 8 or Windows Server 2012 and Windows RT:
-- It checks the value of "DisabledComponents" for key "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters"
Note: This check makes use of Windows Management Instrumentation (WMI) to list IPv6 addresses on the target.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Open TCP Services List |
The Results section displays the port number (Port), the default service listening on the port (IANA Assigned Ports/Services), the description of the service (Description) and the service that the scanner detected using service discovery (Service Detected).
| Port | IANA Assigned Ports/Services | Description | Service Detected | OS On Redirected Port |
| 22 | ssh | SSH Remote Login Protocol | ssh |
| Expand | Severity | Title | Port/Service |
|
|
1
|
ICMP Replies Received |
We have sent the following types of packets to trigger the host to send us ICMP replies:
Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)
Listed in the "Result" section are the ICMP replies that we have received.
| ICMP Reply Type | Triggered By | Additional Information |
| Unreachable (type=3 code=10) | (Various) | Destination Host Prohibited |
| Echo (type=0 code=0) | Echo Request | Echo Reply |
| Time Stamp (type=14 code=0) | Time Stamp Request | 11:15:05 GMT |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Degree of Randomness of TCP Initial Sequence Numbers |
| Expand | Severity | Title | Port/Service |
|
|
1
|
IP ID Values Randomness |
Please note that for reliability reasons only the network traffic from open TCP ports is analyzed.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Unix User List |
| Expand | Severity | Title | Port/Service |
|
|
1
|
"At" Command Configuration |
The superuser may use these commands in any case. For other users, permission to use the "at" command is determined by the files /etc/at.allow and /etc/at.deny.
If the file /etc/at.allow exists, only usernames mentioned in the file are allowed to use the "at" command. If /etc/at.allow does not exist, /etc/at.deny is checked, and every username not mentioned in it is then allowed to use the "at" command. If neither file exists, only the superuser is allowed use of the "at" command. An empty /etc/at.deny means that all users are allowed access. This is the default configuration.
Note: The Results section is formatted in the following way: It first lists the "ls -la" permissions of any /etc/at.allow or /etc/at.deny files on the target. If present, the contents of the files are "cat"ed (at.deny is typically empty, so it will show up as white space). If the "ls -la" line and the contents of the corresponding file are not shown, it means the file does not exist on the target.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Linux - Network Parameter - tcp_max_syn_backlog Value |
This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.tcp_max_syn_backlog = 4096
| Expand | Severity | Title | Port/Service |
|
|
1
|
Linux - Network Parameter - rp_filter Value |
The conf/all/rp_filter value is boolean:
0 - No source validation.
1 - Do source validation.
This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
| Expand | Severity | Title | Port/Service |
|
|
1
|
Linux - Network Parameter - accept_source_route Value |
The conf/all/accept_source_route value is boolean:
0 - Do not accept packets
1 - Accept packets
This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
| Expand | Severity | Title | Port/Service |
|
|
1
|
Linux - Network Parameter - accept_redirects Value |
The conf/all/accept_redirects value is boolean:
0 - Do not accept ICMP redirect messages.
1 - Accept ICMP redirect messages.
This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
| Expand | Severity | Title | Port/Service |
|
|
1
|
Linux - Network Parameter - secure_redirects Value |
The conf/all/secure_redirects value is boolean:
0 - Accept ICMP redirect messages from any host.
1 - Accept ICMP redirect messages from gateways listed in default gateway list.
This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
| Expand | Severity | Title | Port/Service |
|
|
1
|
Unix Environment Variables |
| Expand | Severity | Title | Port/Service |
|
|
1
|
File System Information |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Hard Drive Device Information |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Disk Usage Information |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Processor Information for Unix Target |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Memory Information |
| Expand | Severity | Title | Port/Service |
|
|
1
|
cron.allow File Does Not Exist |
The cron daemon runs shell commands at specified dates and times. It is executed upon system initialization and remains active while the system is operating in multi-user mode.
When the crontab command is invoked, it examines the files "cron.deny" and "cron.allow" in the system's cron directory to grant or revoke the modification of the crontab spool file. If a username appears in the "cron.allow" file, the crontab command may be executed. If that file does not exist and the user's name does not appear in the "cron.deny" file, then cron can be used.
| Expand | Severity | Title | Port/Service |
|
|
1
|
daemon.notice Entry Missing in syslog.conf |
daemon.notice[Tab]logfile
ensures that all conditions involving daemons (such as ftpd) that are not error conditions are logged in a logfile. This entry was found to be missing from the syslog.conf file.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Kernel Routing Tables Information |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Host File Information |
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSH daemon information retrieving | port 22/tcp |
For Red Hat ES 4:
SSH1 supported: yes
Supported authentication methods for SSH1: RSA,password
Supported ciphers for SSH1: 3des,blowfish
SSH2 supported: yes
Supported keys exchange algorithm for SSH2: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Supported decryption ciphers for SSH2: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
Supported encryption ciphers for SSH2: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
Supported decryption mac for SSH2: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
Supported encryption mac for SSH2: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
Supported authentication methods for SSH2: publickey,gssapi-with-mic,password
| SSH1 supported | no |
| SSH2 supported | yes |
| Supported keys exchange algorithm for SSH2 | diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1 |
| Supported decryption ciphers for SSH2 | aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se |
| Supported encryption ciphers for SSH2 | aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se |
| Supported decryption mac for SSH2 | hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96 |
| Supported encryption mac for SSH2 | hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96 |
| Supported authentication methods for SSH2 | password, publickey |
| Severity | Title | Port/Service |
| 1 | SSH Banner | port 22/tcp |
| Severity | Title | Port/Service |
| 1 | Unix Authentication Method | port 22/tcp |
Unix authentication is used to obtain remote access to different command line services such as SSH, telnet and rlogin. Specified credentials must include a user name and may include a password, an RSA private key and/or a DSA private key. When authenticating to target hosts that support SSH2, authentication is attempted in the following order: 1) RSA key, 2) DSA key and 3) user name and password. For target hosts that only support SSH1, only the supplied user name and password are used for authentication.
| User Name | monitor |
| Authentication Scheme | DSA Key |
| Protocol | SSH Version 2 |
| Discovery Method | Login credentials provided by user |
| Using sudo | No |
| Authentication Record | DSA Authentication |
| Severity | Title | Port/Service |
| 4 | Red Hat Update for Kernel (RHSA-2013-0630) | |
This update fixes the following security issues:
* A flaw was found in the way the xen_iret() function in the Linux kernel used the DS (the CPU's Data Segment) register. A local, unprivileged user in a 32-bit, para-virtualized Xen hypervisor guest could use this flaw to crash the guest or, potentially, escalate their privileges. (CVE-2013-0228, Important)
* A flaw was found in the way file permission checks for the "/dev/cpu/[x]/msr" files were performed in restricted root environments (for example, when using a capability-based security model). A local user with the ability to write to these files could use this flaw to escalate their privileges to kernel level, for example, by writing to the SYSENTER_EIP_MSR register. (CVE-2013-0268, Important)
Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.
To install packages using the command line interface, use the command "yum update".
Refer to Red Hat security advisory RHSA-2013-0630 to address this issue and obtain further details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86) (python-perf-debuginfo-2.6.32-358.2.1.el6.i686)
RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86) (perf-debuginfo-2.6.32-358.2.1.el6.i686)
RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86) (kernel-debuginfo-2.6.32-358.2.1.el6.i686)
RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86) (kernel-debug-debuginfo-2.6.32-358.2.1.el6.i686)
RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86_64) (perf-debuginfo-2.6.32-358.2.1.el6.x86_64)
RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86_64) (kernel-debuginfo-2.6.32-358.2.1.el6.x86_64)
RHSA-2013-0630: RHEL Server Optional (v. 6 64-bit x86_64) (python-perf-2.6.32-358.2.1.el6.x86_64)
RHSA-2013-0630: RHEL Server Optional (v. 6 IBM System z) (python-perf-2.6.32-358.2.1.el6.s390x)
RHSA-2013-0630: RHEL Server Optional (v. 6 for 32-bit x86) (python-perf-2.6.32-358.2.1.el6.i686)
RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perf-2.6.32-358.2.1.el6.i686)
| Package | Installed Version | Required Version |
| kernel | 2.6.32-358.0.1.el6.x86_64 | 2.6.32-358.2.1.el6 |
| Severity | Title | Port/Service |
| 3 | Red Hat Update for OpenLDAP (RHSA-2011-0347) | |
A flaw was found in the way OpenLDAP handled authentication failures being passed from an OpenLDAP slave to the master. If OpenLDAP was configured with a chain overlay and it forwarded authentication failures, OpenLDAP would bind to the directory as an anonymous user and return success, rather than return failure on the authenticated bind. This could allow a user on a system that uses LDAP for authentication to log into a directory-based account without knowing the password. (CVE-2011-1024)
It was found that the OpenLDAP back-ndb back end allowed successful authentication to the root distinguished name (DN) when any string was provided as a password. A remote user could use this flaw to access an OpenLDAP directory if they knew the value of the root DN. Note: This issue only affected OpenLDAP installations using the NDB back-end, which is only available for Red Hat Enterprise Linux 6 via third-party software. (CVE-2011-1025)
A flaw was found in the way OpenLDAP handled modify relative distinguished name (modrdn) requests. A remote, unauthenticated user could use this flaw to crash an OpenLDAP server via a modrdn request containing an empty old RDN value. (CVE-2011-1081)
Users of OpenLDAP should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the OpenLDAP daemons will be restarted automatically.
Steps on using the Red Hat Network to apply packages are listed as follows:
For Red Hat Enterprise Linux Versions 2.1, 3, and 4, the interactive Update Agent can be launched with the "up2date" command.
For Red Hat Enterprise Linux Version 5, the graphical Update tool can be launched with the "pup" command.
To install packages using the command line interface, use the command "yum update".
Refer to Red Hat security advisory RHSA-2011-0347 to address this issue and obtain further details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
RHSA-2011-0347: RHEL Server Debuginfo (v.6 for x86) (openldap-debuginfo-2.4.19-15.el6_0.2.i686)
RHSA-2011-0347: RHEL Server Debuginfo (v.6 for x86_64) (openldap-debuginfo-2.4.19-15.el6_0.2.x86_64)
RHSA-2011-0347: RHEL Server Debuginfo (v.6 for x86_64) (openldap-debuginfo-2.4.19-15.el6_0.2.i686)
| Package | Installed Version | Required Version |
| compat-openldap | 2.3.43-2.el6.x86_64 | 2.4.19_2.3.43-15.el6_0.2 |
| Severity | Title | Port/Service |
| 3 | Red Hat Update for Perl (RHSA-2011-1424) | |
A heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause the program to crash or, potentially, execute arbitrary code with the permissions of the user running the program. (CVE-2011-2939)
It was found that the "new" constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor. (CVE-2011-3597)
All Perl users should upgrade to these updated packages, which contain backported patches to correct these issues. All running Perl programs must be restarted for this update to take effect.
Steps on using the Red Hat Network to apply packages are listed as follows:
For Red Hat Enterprise Linux Versions 2.1, 3, and 4, the interactive Update Agent can be launched with the "up2date" command.
For Red Hat Enterprise Linux Version 5, the graphical Update tool can be launched with the "pup" command.
To install packages using the command line interface, use the command "yum update".
Refer to Red Hat security advisory RHSA-2011-1424 to address this issue and obtain further details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
RHSA-2011-1424: RHEL Server Debuginfo (v.6 for x86) (perl-debuginfo-5.10.1-119.el6_1.1.i686)
RHSA-2011-1424: RHEL Server Debuginfo (v.6 for x86_64) (perl-debuginfo-5.10.1-119.el6_1.1.x86_64)
RHSA-2011-1424: RHEL Server Debuginfo (v.6 for x86_64) (perl-debuginfo-5.10.1-119.el6_1.1.i686)
RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-5.10.1-119.el6_1.1.i686)
| Package | Installed Version | Required Version |
| perl-Compress-Raw-Zlib | 2.020-129.el6.x86_64 | 2.023-119.el6_1.1 |
| Severity | Title | Port/Service |
| 3 | Remote Access or Management Service Detected | |
The Results section includes information on the remote access service that was found on the target.
Services like Telnet, Rlogin, SSH, Windows Remote Desktop, pcAnywhere, Citrix Management Console, Remote Admin (RAdmin), VNC, OPENVPN and ISAKMP are checked.
| Severity | Title | Port/Service |
| 3 | Unix Group List | |
1) The group name. Group names are fairly arbitrary but it is a good idea to choose group names that express some idea about the function of the group.
2) The group's encrypted password. Group passwords encouraged poor security practices, so most modern Unix systems don't support them.
3) The group's unique numeric ID (GID).
4) All users in the group.
| Severity | Title | Port/Service |
| 3 | User Home Directory With Non-Restrictive Permissions | |
Owner: read, write, execute
Group: read, execute
Other: (No Permission)
| Severity | Title | Port/Service |
| 3 | RPC Portmapper Information | |
| Severity | Title | Port/Service |
| 3 | Network Filesystem (NFS) Exports Information | |
The /etc/exports file is the standard for controlling which filesystems are exported to which hosts, as well as specifying particular control options. Blank lines are ignored, comments can be made using #, and long lines can be wrapped with a backslash (\). Each exported filesystem should be on its own line. Lists of authorized hosts placed after an exported filesystem must be separated by space characters. Options for each of the hosts must be placed in parentheses directly after the host identifier, without any spaces separating the host and the first parenthesis.
Remote NFS clients can access the file systems exported depending on their access rights. The /etc/exports file is listed in the result section.
| Severity | Title | Port/Service |
| 2 | Operating System Detected | |
1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating system TCP/IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this "fingerprinting" technique, the OS version is among those listed below.
Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the version of the operating system detected may be that for the firewall instead of for the host being scanned.
2) NetBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. NetBIOS relies on a message format called Server Message Block (SMB).
3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTML-embedded scripting language used to create dynamic Web pages. Under some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information.
4) SNMP: The Simple Network Monitoring Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service maintains a Management Information Base (MIB), a set of variables (database) that can be fetched by Managers. These include "MIB_II.system.sysDescr" for the operating system.
| Operating System | Technique | ID |
| Red Hat Enterprise Linux Server 6.4 | Unix login | |
| Ubuntu / Linux 2.6.x | TCP/IP Fingerprint | U4856:22 |
| cpe:/o:redhat:red hat enterprise linux:6.4::server: | CPE |
| Severity | Title | Port/Service |
| 2 | List of Java Related Packages | |
| Severity | Title | Port/Service |
| 2 | Host Uptime Based on TCP TimeStamp Option | |
Some operating systems (e.g., MacOS, OpenBSD) use a non-zero, probably random, initial value for the timestamp. For these operating systems, the uptime obtained does not reflect the actual uptime of the host; the former is always larger than the latter.
| Severity | Title | Port/Service |
| 2 | Unix Users With root UserID | |
| Severity | Title | Port/Service |
| 2 | Unix Users With root GroupID | |
| Severity | Title | Port/Service |
| 2 | List of Home Directories Associated with UserIDs | |
| Severity | Title | Port/Service |
| 2 | Shared Resource List. | |
| Severity | Title | Port/Service |
| 2 | List of Valid Shells | |
| Severity | Title | Port/Service |
| 2 | SU Logging | |
| Severity | Title | Port/Service |
| 2 | root Should Be Specified in Block List for FTP Users | |
On Linux, Solaris and Mac - "/etc/ftpusers"
On HP-UX - "/etc/ftpd/ftpusers" or "/etc/ftpd/ftpaccess"
Note: On HP-UX, root permission is required to access /etc/ftpd/ftpusers file.
This vulnerability check requires read permission on the above-mentioned configuration files. Without that permission, this detection may give false results.
| Severity | Title | Port/Service |
| 1 | DNS Host Name | |
| IP address | Host name |
| 152.2.35.192 | s192.schsr.unc.edu |
| Severity | Title | Port/Service |
| 1 | Firewall Detected | |
| Severity | Title | Port/Service |
| 1 | Target Network Information | |
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information.
| Severity | Title | Port/Service |
| 1 | Internet Service Provider | |
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information. This information was gathered using the WHOIS service for the network and is believed to be the ISP of the target network.
| Severity | Title | Port/Service |
| 1 | Traceroute | |
| Hops | IP | Round Trip Time | Probe |
| 1 | 152.2.20.1 | 0.76ms | ICMP |
| 2 | 152.19.253.106 | 1.50ms | ICMP |
| 3 | 152.19.255.17 | 1.02ms | ICMP |
| 4 | 152.19.255.210 | 1.12ms | ICMP |
| 5 | 152.2.35.192 | 1.51ms | ICMP |
| Severity | Title | Port/Service |
| 1 | Unix Server Information | |
| UName | Linux s192.schsr.unc.edu 2.6.32-358.0.1.el6.x86_64 #1 SMP Wed Feb 20 11:05:23 EST 2013 x86_64 x86_64 x86_64 GNU/Linux |
| Operating system | Linux |
| Red Hat Release | Red Hat Enterprise Linux Server release 6.4 (Santiago) |
| Product | Red Hat Enterprise Linux Server |
| Version | 6.4 |
| Vendor | Red Hat |
| CPU | x86_64 |
| Severity | Title | Port/Service |
| 1 | Host Scan Time | |
The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.
| Severity | Title | Port/Service |
| 1 | Host Names Found | |
| Host Name | Source |
| s192.schsr.unc.edu | FQDN |
| s192.schsr.unc.edu | System-configured |
| Severity | Title | Port/Service |
| 1 | Contents of /etc/issue File | |
| Severity | Title | Port/Service |
| 1 | Network File System (NFS) Statistics | |
The results section of this QID prints the NFS statistics.
| Severity | Title | Port/Service |
| 1 | Linux Kernel Version Running | |
Red Hat Linux
Oracle Enterprise Linux
Suse
Fedora
Debian
Ubuntu
CentOS
| Severity | Title | Port/Service |
| 1 | Installed Kernel rpm List for Red Hat and Oracle Enterprise Linux | |
| Severity | Title | Port/Service |
| 1 | Contents of rsyslog.conf File | |
rsyslog.conf is backward compatible with sysklogd's syslog.conf file.
| Severity | Title | Port/Service |
| 1 | "daemon.notice" Entry Missing in rsyslog.conf file | |
daemon.notice [Tab] <path to logfile>
ensures that all conditions involving daemons (such as ftpd) that are not error conditions are logged in the specified log file.
This entry was found to be missing from the rsyslog.conf file on the target.
| Severity | Title | Port/Service |
| 1 | Java Version Detected | |
| Severity | Title | Port/Service |
| 1 | Python Installed on Host | |
Note: For Windows Systems
To get the exact version of Python installed on the target, look for the string followed by '#define PY_VERSION' in the result section. A target can have more than one version of Python installed.
| Severity | Title | Port/Service |
| 1 | Java Runtime Environment 1.6 Installed | |
| Severity | Title | Port/Service |
| 1 | Installed Packages on Unix and Linux Operating Systems | |
Supported Unix or Linux Operating Systems:
RedHat Linux
CentOS
Suse
Fedora
Oracle Enterprise Linux
Debian
Ubuntu
IBM AIX
Solaris
Mac OS X
NOTE: If the system has more than 200 packages, this QID lists only the first 200 packages.
| Severity | Title | Port/Service |
| 1 | Ruby Installed on Host | |
Ruby is installed on the target host.
| Severity | Title | Port/Service |
| 1 | Internet Protocol version 6 (IPv6) Enabled on Target Host | |
This QID uses the registry key mentioned in Microsoft KB929852 to determine if IPv6 is enabled.
The detection works in the following way:
1) For Windows 2000, XP, 2003:
-- Check for existence of key "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters"
2) For Windows Vista or 2008 or Windows 7 or Windows 8 or Windows Server 2012 and Windows RT:
-- It checks the value of "DisabledComponents" for key "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters"
Note: This check makes use of Windows Management Instrumentation (WMI) to list IPv6 addresses on the target.
| Severity | Title | Port/Service |
| 1 | Open TCP Services List | |
The Results section displays the port number (Port), the default service listening on the port (IANA Assigned Ports/Services), the description of the service (Description) and the service that the scanner detected using service discovery (Service Detected).
| Port | IANA Assigned Ports/Services | Description | Service Detected | OS On Redirected Port |
| 22 | ssh | SSH Remote Login Protocol | ssh |
| Severity | Title | Port/Service |
| 1 | ICMP Replies Received | |
We have sent the following types of packets to trigger the host to send us ICMP replies:
Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)
Listed in the "Result" section are the ICMP replies that we have received.
| ICMP Reply Type | Triggered By | Additional Information |
| Unreachable (type=3 code=10) | (Various) | Destination Host Prohibited |
| Echo (type=0 code=0) | Echo Request | Echo Reply |
| Time Stamp (type=14 code=0) | Time Stamp Request | 09:21:15 GMT |
| Severity | Title | Port/Service |
| 1 | Degree of Randomness of TCP Initial Sequence Numbers | |
| Severity | Title | Port/Service |
| 1 | IP ID Values Randomness | |
Please note that for reliability reasons only the network traffic from open TCP ports is analyzed.
| Severity | Title | Port/Service |
| 1 | Unix User List | |
| Severity | Title | Port/Service |
| 1 | "At" Command Configuration | |
The superuser may use these commands in any case. For other users, permission to use the "at" command is determined by the files /etc/at.allow and /etc/at.deny.
If the file /etc/at.allow exists, only usernames mentioned in the file are allowed to use the "at" command. If /etc/at.allow does not exist, /etc/at.deny is checked, and every username not mentioned in it is then allowed to use the "at" command. If neither file exists, only the superuser is allowed use of the "at" command. An empty /etc/at.deny means that all users are allowed access. This is the default configuration.
Note: The Results section is formatted in the following way: It first lists the "ls -la" permissions of any /etc/at.allow or /etc/at.deny files on the target. If present, the contents of the files are "cat"ed (at.deny is typically empty, so it will show up as white space). If the "ls -la" line and the contents of the corresponding file are not shown, it means the file does not exist on the target.
| Severity | Title | Port/Service |
| 1 | Linux - Network Parameter - tcp_max_syn_backlog Value | |
This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.tcp_max_syn_backlog = 4096
| Severity | Title | Port/Service |
| 1 | Linux - Network Parameter - rp_filter Value | |
The conf/all/rp_filter value is boolean:
0 - No source validation.
1 - Do source validation.
This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
| Severity | Title | Port/Service |
| 1 | Linux - Network Parameter - accept_source_route Value | |
The conf/all/accept_source_route value is boolean:
0 - Do not accept packets
1 - Accept packets
This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
| Severity | Title | Port/Service |
| 1 | Linux - Network Parameter - accept_redirects Value | |
The conf/all/accept_redirects value is boolean:
0 - Do not accept ICMP redirect messages.
1 - Accept ICMP redirect messages.
This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
| Severity | Title | Port/Service |
| 1 | Linux - Network Parameter - secure_redirects Value | |
The conf/all/secure_redirects value is boolean:
0 - Accept ICMP redirect messages from any host.
1 - Accept ICMP redirect messages from gateways listed in default gateway list.
This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
| Severity | Title | Port/Service |
| 1 | Unix Environment Variables | |
| Severity | Title | Port/Service |
| 1 | File System Information | |
| Severity | Title | Port/Service |
| 1 | Hard Drive Device Information | |
| Severity | Title | Port/Service |
| 1 | Disk Usage Information | |
| Severity | Title | Port/Service |
| 1 | Processor Information for Unix Target | |
| Severity | Title | Port/Service |
| 1 | Memory Information | |
| Severity | Title | Port/Service |
| 1 | cron.allow File Does Not Exist | |
The cron daemon runs shell commands at specified dates and times. It is executed upon system initialization and remains active while the system is operating in multi-user mode.
When the crontab command is invoked, it examines the files "cron.deny" and "cron.allow" in the system's cron directory to grant or revoke the modification of the crontab spool file. If a username appears in the "cron.allow" file, the crontab command may be executed. If that file does not exist and the user's name does not appear in the "cron.deny" file, then cron can be used.
| Severity | Title | Port/Service |
| 1 | daemon.notice Entry Missing in syslog.conf | |
daemon.notice[Tab]logfile
ensures that all conditions involving daemons (such as ftpd) that are not error conditions are logged in a logfile. This entry was found to be missing from the syslog.conf file.
| Severity | Title | Port/Service |
| 1 | Kernel Routing Tables Information | |
| Severity | Title | Port/Service |
| 1 | Host File Information | |
| Severity | Title | Port/Service |
| 1 | SSH daemon information retrieving | port 22/tcp |
For Red Hat ES 4:
SSH1 supported yes
Supported authentification methods for SSH1 RSA,password
Supported ciphers for SSH1 3des,blowfish
SSH2 supported yes
Supported keys exchange algorithm for SSH2 diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Supported decryption ciphers for SSH2 aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
Supported encryption ciphers for SSH2 aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
Supported decryption mac for SSH2 hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
Supported encryption mac for SSH2 hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
Supported authentification methods for SSH2 publickey,gssapi-with-mic,password
| SSH1 supported | no |
| SSH2 supported | yes |
| Supported keys exchange algorithm for SSH2 | diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1 |
| Supported decryption ciphers for SSH2 | aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se |
| Supported encryption ciphers for SSH2 | aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se |
| Supported decryption mac for SSH2 | hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96 |
| Supported encryption mac for SSH2 | hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96 |
| Supported authentication methods for SSH2 | password, publickey |
| Severity | Title | Port/Service |
| 1 | SSH Banner | port 22/tcp |
| Severity | Title | Port/Service |
| 1 | Unix Authentication Method | port 22/tcp |
Unix authentication is used to obtain remote access to different command line services such as SSH, telnet and rlogin. Specified credentials must include a user name and may include a password, an RSA private key and/or a DSA private key. When authenticating to target hosts that support SSH2, authentication is attempted in the following order: 1) RSA key, 2) DSA key and 3) user name and password. For target hosts that only support SSH1, only the supplied user name and password are used for authentication.
| User Name | monitor |
| Authentication Scheme | DSA Key |
| Protocol | SSH Version 2 |
| Discovery Method | Login credentials provided by user |
| Using sudo | No |
| Authentication Record | DSA Authentication |
| Severity | Title | Port/Service |
| 3 | Administrator Account's Password Does Not Expire | |
Note that the Administrator account on the Domain Controller(s) will always have a password that does not expire, since the option check box in the properties dialog box for this account is greyed out.
Additional details can be found under QID 45031 "Accounts Enumerated From SAM Database Whose Passwords Do Not Expire."
| Severity | Title | Port/Service |
| 3 | Microsoft Windows win32k.sys Local Kernel Denial of Service Vulnerability - Zero Day | |
The Windows kernel is exposed to a denial of service vulnerability caused by an error in the Win32k.sys file. Specifically, the SfnINSTRING function is affected.
Affected Versions:
Microsoft Windows 2000, XP and 2003 32-bit operating systems.
| Severity | Title | Port/Service |
| 3 | SSL Server Has SSLv2 Enabled Vulnerability | port 443/tcp over SSL |
There are known flaws in the SSLv2 protocol. A man-in-the-middle attacker can force the communication to a less secure level and then attempt to break the weak encryption. The attacker can also truncate encrypted messages.
These flaws have been fixed in SSLv3 (or TLSv1). Most servers (including all popular Web servers, mail servers, etc.) and clients (including Web-clients like IE, Netscape Navigator and Mozilla and mail clients) support both SSLv2 and SSLv3. However, SSLv2 is enabled by default for backward compatibility.
The following link provides more information about this vulnerability:
Analysis of the SSL 3.0 Protocol
Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
For Apache/apache_ssl, httpd.conf or ssl.conf should have the following line:
SSLNoV2
How to disable SSLv2 on IIS: Microsoft Knowledge Base Article - 187498
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll: Microsoft Knowledge Base Article - 245030
For IIS 7, refer to the article How to Disable SSL 2.0 in IIS 7 for further information.
| Severity | Title | Port/Service |
| 2 | Hidden RPC Services | |
When the portmapper/rpcbind is removed or firewalled, standard RPC client programs fail to obtain the portmapper list. However, by sending carefully crafted packets, it's possible to determine which RPC programs are listening on which port. This technique is known as direct RPC scanning. It's used to bypass portmapper/rpcbind in order to find RPC programs running on a port (TCP or UDP ports). On Linux servers, RPC services are typically listening on privileged ports (below 1024), whereas on Solaris, RPC services are on temporary ports (starting with port 32700).
| Name | Program | Version | Protocol | Port |
| portmap/rpcbind | 100000 | 2 | tcp | 111 |
| Severity | Title | Port/Service |
| 2 | Global User List | |
| User Name | Source Vulnerability (QualysID) |
| Administrator | 45032, 45031 |
| hsl.guest | 90266, 45027, 45031 |
| SUPPORT_388945a0 | 45027, 45031 |
| ASPNET | 45031 |
| ILLiadAdmin | 45031 |
| IUSR_UNCHSL10 | 45031 |
| IWAM_UNCHSL10 | 45031 |
| Severity | Title | Port/Service |
| 2 | NetBIOS Name Accessible | |
| Severity | Title | Port/Service |
| 2 | Default Windows Administrator Account Name Present | |
Please note that if the scanner has been configured to use Windows Authentication and uses the local administrator account (as opposed to a domain-admin account) to scan this target, the scanner will need to be reconfigured to use the new administrator account name instead.
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure | |
When an RDP client initiates a session with an RDP server, the server responds with a server certificate containing an RSA public key and its digital signature. The client decrypts the signature using the server's public key and compares the result with the hash of the new public key received from the server to verify the identity of the server.
The vulnerability presents itself because a private key that is used to sign the Terminal Server public key is hardcoded in "mstlsapi.dll". A subroutine of the "TLSInit" API dynamically creates, uses and de-allocates this key.
Workarounds:
- As there is no patch, this vulnerability should be mitigated by using some semblance of network filtering (e.g., firewalling RDP off from the open Internet).
For Windows Server 2003, the security of Terminal Server can be enhanced by configuring Terminal Services connections to use Transport Layer Security (TLS) 1.0 for server authentication, and to encrypt terminal server communications. Please refer to cc782610 to obtain additional details.
| Severity | Title | Port/Service |
| 1 | Microsoft Windows GDI+ Remote Code Execution Vulnerability (MS09-062) | |
Microsoft has released updates to address the following issues:
- A remote code execution vulnerability exists in the way that GDI+ allocates buffer size when handling WMF image files. The vulnerability could allow remote code execution if a user opens a specially crafted WMF image file or browses to a Web site that contains specially crafted content. (CVE-2009-2500)
- A remote code execution vulnerability exists in the way that GDI+ allocates memory. The vulnerability could allow remote code execution if a user opens a specially crafted PNG image file. (CVE-2009-2501)
- A remote code execution vulnerability exists in the way that GDI+ allocates memory. The vulnerability could allow remote code execution if a user opens a specially crafted TIFF file. (CVE-2009-2502, CVE-2009-2503)
- A remote code execution vulnerability exists in GDI+ that can allow a malicious Microsoft .NET application to gain unmanaged code execution privileges. This vulnerability is caused by an integer overflow in certain GDI+ APIs that are accessible from .NET Framework applications. (CVE-2009-2504)
- A remote code execution vulnerability exists in the way that GDI+ allocates memory. The vulnerability could allow remote code execution if a user opens a specially crafted PNG image file. (CVE-2009-3126)
- A remote code execution vulnerability exists in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file that includes a malformed object. (CVE-2009-2528)
- A remote code execution vulnerability exists in the way that Microsoft Office handles specially crafted Office Documents containing BMP images. The vulnerability could allow remote code execution if an Outlook user opens a specially crafted e-mail or opens an Office Document with a malformed Bitmap file. (CVE-2009-2518)
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
October 2009 Security Database Updates are Available (KB958869)
Patch:
Following are links for downloading patches to fix the vulnerabilities:
MS09-062: Windows XP Service Pack 2 and Windows XP Service Pack 3
MS09-062: Windows XP Professional x64 Edition Service Pack 2
MS09-062: Windows Server 2003 Service Pack 2
MS09-062: Windows Server 2003 x64 Edition Service Pack 2
MS09-062: Windows Server 2003 with SP2 for Itanium-based Systems
MS09-062: Windows Vista and Windows Vista Service Pack 1
MS09-062: Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
MS09-062: Windows Server 2008 for 32-bit Systems
MS09-062: Windows Server 2008 for x64-based Systems
MS09-062: Windows Server 2008 for Itanium-based Systems
MS09-062: Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 Service Pack 1)
MS09-062: Microsoft Windows 2000 Service Pack 4 (Microsoft .NET Framework 1.1 Service Pack 1)
MS09-062: Microsoft Windows 2000 Service Pack 4 (Microsoft .NET Framework 2.0 Service Pack 1)
MS09-062: Microsoft Windows 2000 Service Pack 4 (Microsoft .NET Framework 2.0 Service Pack 2)
MS09-062: Microsoft Office XP Service Pack 3
MS09-062: Microsoft Office 2003 Service Pack 3
MS09-062: 2007 Microsoft Office System Service Pack 1
MS09-062: 2007 Microsoft Office System Service Pack 2
MS09-062: Microsoft Office Project 2002 Service Pack 1
MS09-062: Microsoft Office Visio 2002 Service Pack 2
MS09-062: PowerPoint Viewer 2007 Service Pack 2
MS09-062: Microsoft Expression Web and Microsoft Expression Web 2
MS09-062: Microsoft Office Groove 2007 and Microsoft Office Groove 2007 Service Pack 1
MS09-062: SQL Server 2000 Reporting Services Service Pack 2
MS09-062: SQL Server 2005 Service Pack 2
MS09-062: SQL Server 2005 Service Pack 2
MS09-062: SQL Server 2005 x64 Edition Service Pack 2
MS09-062: SQL Server 2005 x64 Edition Service Pack 2
MS09-062: SQL Server 2005 for Itanium-based Systems Service Pack 2
MS09-062: SQL Server 2005 for Itanium-based Systems Service Pack 2
MS09-062: SQL Server 2005 Service Pack 3
MS09-062: SQL Server 2005 Service Pack 3
MS09-062: SQL Server 2005 x64 Edition Service Pack 3
MS09-062: SQL Server 2005 x64 Edition Service Pack 3
MS09-062: SQL Server 2005 for Itanium-based Systems Service Pack 3
MS09-062: SQL Server 2005 for Itanium-based Systems Service Pack 3
MS09-062: Microsoft Visual Studio .NET 2003 Service Pack 1
MS09-062: Microsoft Visual Studio 2005 Service Pack 1
MS09-062: Microsoft Visual Studio 2008
MS09-062: Microsoft Visual Studio 2008 Service Pack 1
MS09-062: Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package
MS09-062: Microsoft Report Viewer 2008 Redistributable Package
MS09-062: Microsoft Report Viewer 2008 Redistributable Package Service Pack 1
MS09-062: Microsoft Visual FoxPro 8.0 Service Pack 1
MS09-062: Microsoft Visual FoxPro 9.0 Service Pack 2
| Severity | Title | Port/Service |
| 2 | Windows User Accounts With Unchanged Passwords | |
| Severity | Title | Port/Service |
| 3 | Remote Access or Management Service Detected | |
The Results section includes information on the remote access service that was found on the target.
Services like Telnet, Rlogin, SSH, Windows Remote Desktop, pcAnywhere, Citrix Management Console, Remote Admin (RAdmin), VNC, OpenVPN and ISAKMP are checked.
| Severity | Title | Port/Service |
| 3 | Accounts Enumerated From SAM Database Whose Passwords Do Not Expire | |
| Severity | Title | Port/Service |
| 3 | NetBIOS Bindings Information | |
| Name | Service | NetBIOS Suffix |
| UNCHSL10 | Workstation Service | 0x0 |
| AD | Domain Name | 0x0 |
| UNCHSL10 | File Server Service | 0x20 |
| AD | Browser Service Elections | 0x1e |
| Severity | Title | Port/Service |
| 3 | NetBIOS Shared Folders | |
| Device Name | Comment | Type | Label | Size | Description |
| ADL | | 0 | Sites | 75 GB | Disk (mounted) |
| C$ | Default share | -2147483648 | | | |
| NCHIO | | 0 | Sites | 75 GB | Disk (mounted) |
| inetpub | | 0 | Sites | 75 GB | Disk (mounted) |
| F$ | Default share | -2147483648 | | | |
| IPC$ | Remote IPC | -2147483645 | | | |
| ADMIN$ | Remote Admin | -2147483648 | | | |
| D$ | Default share | -2147483648 | | | |
| Production | | 0 | Sites | 75 GB | Disk (mounted) |
| E$ | | -2147483648 | | | |
| Severity | Title | Port/Service |
| 3 | Hotfix KB2264107 (DLL hijacking) Installed | |
Refer to Microsoft KB article 2264107 to obtain additional details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
KB2264107: Windows XP 32 bit Edition
KB2264107: Windows XP 64 bit Edition
KB2264107: Windows Server 2003 - 32 bit
KB2264107: Windows Server 2003 - 64 bit
KB2264107: Windows Vista - 32 bit
KB2264107: Windows Vista - 64 bit
KB2264107: Windows 2008-32 bit
KB2264107: Windows 2008-64 Bit
KB2264107: Windows Server 2008 R2 for Itanium-based Systems
KB2264107: Windows Server 2008 R2 for x64-based Systems
| Severity | Title | Port/Service |
| 2 | Operating System Detected | |
1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating system TCP/IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this "fingerprinting" technique, the OS version is among those listed below.
Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the version of the operating system detected may be that for the firewall instead of for the host being scanned.
2) NetBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. NetBIOS relies on a message format called Server Message Block (SMB).
3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTML-embedded scripting language used to create dynamic Web pages. Under some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information.
4) SNMP: The Simple Network Management Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service maintains a Management Information Base (MIB), a set of variables (database) that can be fetched by Managers. These include "MIB_II.system.sysDescr" for the operating system.
| Operating System | Technique | ID |
| Windows Server 2003 Service Pack 2 | Windows Registry | |
| Windows 2003 | TCP/IP Fingerprint | U1751:80 |
| Windows 2003/XP 64 bit Edition | NTLMSSP | |
| Windows Server 2003 3790 Service Pack 2/Windows Server 2003 5.2 | CIFS via TCP Port 445 | |
| cpe:/o:microsoft:windows 2003 server::sp2:: | CPE |
| Severity | Title | Port/Service |
| 2 | Windows Effective Password Policy Information Gathering Via SAM Database | |
Minimum Password Age in Days
Maximum Password Age in Days
Minimum Password Length in Characters
Password History (Number of old passwords remembered)
The policy is the effective policy, which is a combination of the local policy settings (if any) and the domain-wide policy settings made on the Domain Controller(s) for the domain.
This probe requires authentication to be successful.
| Severity | Title | Port/Service |
| 2 | Windows Domain Effective Account Lockout Policy Information Gathered Via SAM Database | |
It should be noted that if the Domain Controller/Active Directory on this domain enforces a policy as well, the Domain Controller policy will override the local policies (if any) of each host. Further, it takes up to a couple of minutes for changes on the Domain Controller policy to be propagated to all the individual hosts on that domain.
| Severity | Title | Port/Service |
| 2 | Open DCE-RPC / MS-RPC Services List | |
| Description | Version | TCP Ports | UDP Ports | HTTP Ports | NetBIOS/CIFS Pipes |
| DCE Endpoint Mapper | 3.0 | \PIPE\epmapper | |||
| DCE Remote Management | 1.0 | \PIPE\epmapper | |||
| DCOM OXID Resolver | 0.0 | \PIPE\epmapper | |||
| DCOM Remote Activation | 0.0 | \PIPE\epmapper | |||
| DCOM System Activator | 0.0 | \PIPE\epmapper | |||
| Microsoft Event Log Service | 0.0 | \PIPE\eventlog | |||
| Microsoft Local Security Architecture | 0.0 | \PIPE\lsarpc | |||
| Microsoft Network Logon | 1.0 | \PIPE\NETLOGON | |||
| Microsoft Registry | 1.0 | \PIPE\winreg | |||
| Microsoft Scheduler Control Service | 1.0 | \PIPE\atsvc | |||
| Microsoft Security Account Manager | 1.0 | 1029 | \PIPE\samr, \PIPE\lsass | ||
| Microsoft Server Service | 3.0 | \PIPE\browser, \PIPE\srvsvc, \PIPE\wkssvc | |||
| Microsoft Service Control Service | 2.0 | \PIPE\svcctl | |||
| Microsoft Spool Subsystem | 1.0 | 1029 | \PIPE\lsass | ||
| Microsoft Task Scheduler | 1.0 | \PIPE\atsvc | |||
| Microsoft Workstation Service | 1.0 | \PIPE\wkssvc | |||
| RPC Browser | 0.0 | \PIPE\browser | |||
| WinHttp Auto-Proxy Service | 5.1 | \PIPE\W32TIME_ALT | |||
| RPC ROUTER SERVICE | 1.0 | \PIPE\ROUTER | |||
| Microsoft Workstation Service | 1.0 | \PIPE\BROWSER | |||
| ICF+ FW API | 1.0 | \PIPE\ROUTER, \pipe\trkwks, \PIPE\srvsvc, \pipe\keysvc, \PIPE\wkssvc, \PIPE\atsvc | |||
| Unimodem LRPC Endpoint | 1.0 | \pipe\tapsrv |
| Severity | Title | Port/Service |
| 2 | Real Name of Built-in Guest Account Enumerated | |
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Registry Critical Keys Security Policy | |
| ------------------------------------------------------------ | |||
| HKU\.Default | |||
| ------------------------------------------------------------ | |||
| Users | access_allowed | standard_read generic_read enum_subkeys notify query_value | |
| Power_Users | access_allowed | standard_read generic_read enum_subkeys notify query_value | |
| Administrators | access_allowed | generic_all full_control | |
| SYSTEM | access_allowed | generic_all full_control | |
| Creator_Owner | access_allowed | container_inherit=true inherit_only=true | generic_all |
| ------------------------------------------------------------ | |||
| HKU\.Default\Software\Microsoft\Protected Storage System Provider | |||
| ------------------------------------------------------------ | |||
| Users | access_allowed | standard_read generic_read enum_subkeys notify query_value | |
| Power_Users | access_allowed | standard_read generic_read enum_subkeys notify query_value | |
| Administrators | access_allowed | generic_all full_control | |
| SYSTEM | access_allowed | generic_all full_control | |
| Creator_Owner | access_allowed | container_inherit=true inherit_only=true | generic_all |
| ------------------------------------------------------------ | |||
| HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion | |||
| ------------------------------------------------------------ | |||
| Users | access_allowed | standard_read generic_read enum_subkeys notify query_value | |
| Power_Users | access_allowed | standard_read standard_delete set_value query_value create_subkey enum_subkeys notify generic_read generic_write | |
| Administrators | access_allowed | generic_all full_control | |
| SYSTEM | access_allowed | generic_all full_control | |
| Creator_Owner | access_allowed | container_inherit=true inherit_only=true | generic_all |
| Terminal_Server_Users | access_allowed | standard_read standard_delete set_value query_value create_subkey enum_subkeys notify generic_read generic_write | |
| ------------------------------------------------------------ | |||
| HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print | |||
| ------------------------------------------------------------ | |||
| Users | access_allowed | standard_read generic_read enum_subkeys notify query_value | |
| Power_Users | access_allowed | standard_read standard_delete set_value query_value create_subkey enum_subkeys notify generic_read generic_write | |
| Administrators | access_allowed | generic_all full_control | |
| SYSTEM | access_allowed | generic_all full_control | |
| Creator_Owner | access_allowed | container_inherit=true inherit_only=true | generic_all |
| Terminal_Server_Users | access_allowed | standard_read standard_delete set_value query_value create_subkey enum_subkeys notify generic_read generic_write | |
| ------------------------------------------------------------ | |||
| HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | |||
| ------------------------------------------------------------ | |||
| Users | access_allowed | standard_read generic_read enum_subkeys notify query_value | |
| Power_Users | access_allowed | standard_read generic_read enum_subkeys notify query_value | |
| Administrators | access_allowed | generic_all full_control | |
| SYSTEM | access_allowed | generic_all full_control | |
| Creator_Owner | access_allowed | container_inherit=true inherit_only=true | generic_all |
| ------------------------------------------------------------ | |||
| HKLM\SYSTEM\CurrentControlSet\Control\ContentIndex | |||
| ------------------------------------------------------------ | |||
| Users | access_allowed | standard_read generic_read enum_subkeys notify query_value | |
| Power_Users | access_allowed | standard_read generic_read enum_subkeys notify query_value | |
| Administrators | access_allowed | generic_all full_control | |
| SYSTEM | access_allowed | generic_all full_control | |
| Creator_Owner | access_allowed | container_inherit=true inherit_only=true | generic_all |
| ------------------------------------------------------------ | |||
| HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers | |||
| ------------------------------------------------------------ | |||
| Users | access_allowed | standard_read generic_read enum_subkeys notify query_value | |
| Power_Users | access_allowed | standard_read standard_delete set_value query_value create_subkey enum_subkeys notify generic_read generic_write | |
| Administrators | access_allowed | generic_all full_control | |
| SYSTEM | access_allowed | generic_all full_control | |
| Creator_Owner | access_allowed | container_inherit=true inherit_only=true | generic_all |
| Terminal_Server_Users | access_allowed | standard_read standard_delete set_value query_value create_subkey enum_subkeys notify generic_read generic_write | |
| ------------------------------------------------------------ | |||
| HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server | |||
| ------------------------------------------------------------ | |||
| Users | access_allowed | standard_read generic_read enum_subkeys notify query_value | |
| Power_Users | access_allowed | standard_read generic_read enum_subkeys notify query_value | |
| Administrators | access_allowed | generic_all full_control | |
| SYSTEM | access_allowed | generic_all full_control | |
| Creator_Owner | access_allowed | container_inherit=true inherit_only=true | generic_all |
| ------------------------------------------------------------ | |||
| HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration | |||
| ------------------------------------------------------------ | |||
| Users | access_allowed | standard_read generic_read enum_subkeys notify query_value | |
| Power_Users | access_allowed | standard_read generic_read enum_subkeys notify query_value | |
| Administrators | access_allowed | generic_all full_control | |
| SYSTEM | access_allowed | generic_all full_control | |
| Creator_Owner | access_allowed | container_inherit=true inherit_only=true | generic_all |
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Default Screen Saver Policy Enumerated | |
HKEY_USERS\.DEFAULT\Control Panel\Desktop
| Severity | Title | Port/Service |
| 2 | Administrator Group Members Enumerated | |
| Severity | Title | Port/Service |
| 2 | Open RPC Services List | port 111/tcp |
| program | version | protocol | port | name |
| 100000 | 2 | tcp | 7938 | rpcbind |
| 100000 | 2 | udp | 7938 | rpcbind |
| 390436 | 1 | tcp | 9079 | 390436 |
| 390435 | 1 | tcp | 9758 | 390435 |
| 390113 | 1 | tcp | 7937 | nsrexec |
| Severity | Title | Port/Service |
| 1 | DNS Host Name | |
| IP address | Host name |
| 152.2.37.8 | unchsl10.hsl.unc.edu |
| Severity | Title | Port/Service |
| 1 | Firewall Detected | |
| Severity | Title | Port/Service |
| 1 | Network Adapter MAC Address | |
| Method | MAC Address | Vendor |
| NBTSTAT | 00:50:56:88:00:2D | VMWARE, INC. |
| Severity | Title | Port/Service |
| 1 | Target Network Information | |
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information.
| Severity | Title | Port/Service |
| 1 | Internet Service Provider | |
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information. This information was gathered using the WHOIS service for the network and is believed to be the ISP of the target network.
| Severity | Title | Port/Service |
| 1 | Traceroute | |
| Hops | IP | Round Trip Time | Probe |
| 1 | 152.2.20.1 | 0.55ms | ICMP |
| 2 | 152.19.253.106 | 1.08ms | ICMP |
| 3 | 152.2.255.17 | 1.07ms | ICMP |
| 4 | 152.2.255.210 | 1.09ms | ICMP |
| 5 | 152.2.37.8 | 0.89ms | ICMP |
| Severity | Title | Port/Service |
| 1 | Disabled Accounts Enumerated From SAM Database | |
| Severity | Title | Port/Service |
| 1 | Administrator Account's Real Name Found From LSA Enumeration | |
Windows systems by default have the administrator account's name configured as "Administrator". This can very easily be changed to a non-default value (like root, for example) to harden security against password bruteforcing.
LSA, internally, refers to user accounts by what are called RIDs (Relative IDs) instead of the friendlier names (like "Administrator") used only for GUI and display purposes. The administrator account on any Windows system always has a RID of 500, even if the name has been changed.
The scanner probed the LSA for the name that maps to the RID of 500, which is the administrator account name, changed or unchanged. The name is listed in the Result section below.
| Severity | Title | Port/Service |
| 1 | Host Scan Time | |
The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.
| Severity | Title | Port/Service |
| 1 | Host Names Found | |
| Host Name | Source |
| UNCHSL10.hsl.unc.edu | NTLM DNS |
| unchsl10.hsl.unc.edu | FQDN |
| UNCHSL10 | NTLM NetBIOS |
| UNCHSL10 | NetBIOS |
| Severity | Title | Port/Service |
| 1 | Adobe Flash Player Version Detected | |
| Severity | Title | Port/Service |
| 1 | Windows Authentication Method | |
The service also attempts to authenticate using common credentials. You should verify that the credentials used for successful authentication were those that were provided in the Windows authentication record. User-provided credentials failed if the discovery method shows "Unable to log in using credentials provided by user, fallback to NULL session". If this is the case, verify that the credentials specified in the Windows authentication record are valid for this host.
| User Name | DOM qualys.scn |
| Domain | AD |
| Authentication Scheme | Kerberos |
| Security | User-based |
| SMBv1 Signing | Enabled |
| Discovery Method | Login credentials provided by user |
| Authentication Record | AD.UNC.EDU Credentials |
| CIFS Version | SMB v1 NT LM 0.12 |
| Severity | Title | Port/Service |
| 1 | Windows Authentication Method for User-Provided Credentials | |
| User Name | DOM qualys.scn |
| Domain | AD |
| Authentication Scheme | Kerberos |
| Security | User-based |
| SMBv1 Signing | Enabled |
| Authentication Record | AD.UNC.EDU Credentials |
| Severity | Title | Port/Service |
| 1 | Open UDP Services List | |
Note that if the host is behind a firewall, there is a small chance that the list includes a few ports that are filtered or blocked by the firewall but are not actually open on the target host. This (false positive on UDP open ports) may happen when the firewall is configured to reject UDP packets for most (but not all) ports with an ICMP Port Unreachable packet. This may also happen when the firewall is configured to allow UDP packets for most (but not all) ports through and filter/block/drop UDP packets for only a few ports. Both cases are uncommon.
| Port | IANA Assigned Ports/Services | Description | Service Detected |
| 111 | sunrpc | SUN Remote Procedure Call | rpc udp |
| 137 | netbios-ns | NETBIOS Name Service | netbios ns |
| Severity | Title | Port/Service |
| 1 | Open TCP Services List | |
The Results section displays the port number (Port), the default service listening on the port (IANA Assigned Ports/Services), the description of the service (Description) and the service that the scanner detected using service discovery (Service Detected).
| Port | IANA Assigned Ports/Services | Description | Service Detected | OS On Redirected Port |
| 80 | www | World Wide Web HTTP | http | |
| 111 | sunrpc | SUN Remote Procedure Call | rpc | |
| 139 | netbios-ssn | NETBIOS Session Service | netbios ssn | |
| 443 | https | http protocol over TLS/SSL | http over ssl | |
| 445 | microsoft-ds | Microsoft-DS | microsoft-ds | |
| 3389 | ms-wbt-server | MS WBT Server | win remote desktop | |
| 5666 | unknown | unknown | unknown | |
| 7937 | unknown | unknown | rpc | |
| 7938 | unknown | unknown | rpc | |
| 9079 | unknown | unknown | rpc | |
| 9758 | unknown | unknown | rpc |
| Severity | Title | Port/Service |
| 1 | ICMP Replies Received | |
We have sent the following types of packets to trigger the host to send us ICMP replies:
Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)
Listed in the "Result" section are the ICMP replies that we have received.
| ICMP Reply Type | Triggered By | Additional Information |
| Echo (type=0 code=0) | Echo Request | Echo Reply |
| Severity | Title | Port/Service |
| 1 | NetBIOS Host Name | |
| Severity | Title | Port/Service |
| 1 | Degree of Randomness of TCP Initial Sequence Numbers | |
| Severity | Title | Port/Service |
| 1 | IP ID Values Randomness | |
Please note that for reliability reasons only the network traffic from open TCP ports is analyzed.
| Severity | Title | Port/Service |
| 1 | NetBIOS Workgroup Name Detected | |
| Severity | Title | Port/Service |
| 1 | Windows Product Type | |
| HKLM\Software\Microsoft\Windows NT\CurrentVersion | ||
| ProductName | = | Microsoft Windows Server 2003 |
| CurrentVersion | = | 5.2 |
| HKLM\SYSTEM\currentControlSet\Control\ProductOptions | ||
| ProductType | = | ServerNT |
| ProductSuite | = | {"Enterprise", "Terminal Server"} |
| Severity | Title | Port/Service |
| 1 | Windows Registry Key Access Denied | |
| Skipped 2644 registry keys for which access was denied. |
| Severity | Title | Port/Service |
| 1 | Windows 2003 R2 Installed | |
| Severity | Title | Port/Service |
| 1 | Microsoft Windows Network Level Authentication Disabled | |
The registry key for Network Level Authentication (NLA) is disabled.
Network Level Authentication is supported on Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.
As a precaution, always test in a QA or rehearsal environment before rolling out to production.
Note: Client computers that do not support Credential Security Support Provider (CredSSP) protocol will not be able to access servers protected with Network Level Authentication. Windows XP does not support the CredSSP protocol by default.
| Severity | Title | Port/Service |
| 1 | Windows Registry Access Level | |
| Severity | Title | Port/Service |
| 1 | Microsoft Windows System EventLog Policy Parameters | |
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System
RestrictGuestAccess - Setting this to 1 prevents guests and anonymous user accounts from having read access to the System EventLog.
MaxSize - This value specifies the maximum size limit for the System EventLog database.
Retention - This value specifies the overwrite behavior for the System EventLog. 0 means overwrite as needed. 0xffffffff means do not overwrite events, and other values specify the number of days that eventlog entries are preserved before overwriting.
| HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System | ||
| MaxSize | = | 33554432 |
| Retention | = | 0 |
| RestrictGuestAccess | = | 1 |
| Severity | Title | Port/Service |
| 1 | Microsoft Windows Application EventLog Policy Parameters | |
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
RestrictGuestAccess - Setting this to 1 prevents guests and anonymous user accounts from having read access to the Application EventLog database.
MaxSize - This value specifies the maximum size limit for the Application EventLog database.
Retention - This value specifies the overwrite behavior for the Application EventLog. 0 means overwrite as needed. 0xffffffff means do not overwrite events, and other values specify the number of days of eventlog entries that are preserved before overwriting.
| HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application | ||
| MaxSize | = | 33554432 |
| Retention | = | 0 |
| RestrictGuestAccess | = | 1 |
| Severity | Title | Port/Service |
| 1 | Microsoft Windows Security EventLog Policy Parameters | |
RestrictGuestAccess - Setting this to 1 prevents guests and anonymous user accounts from having read access to the Security EventLog.
MaxSize - This value specifies the maximum size limit for the Security EventLog database.
Retention - This value specifies the overwrite behavior for the Security EventLog. 0 means overwrite as needed. 0xffffffff means do not overwrite events, and other values specify the number of days of eventlog entries that are preserved before overwriting.
| HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security | ||
| MaxSize | = | 268435456 |
| Retention | = | 0 |
| RestrictGuestAccess | = | 1 |
| Severity | Title | Port/Service |
| 1 | Windows Builtin User Group Membership Audit - Backup Operators | |
| Severity | Title | Port/Service |
| 1 | Windows Builtin User Group Membership Audit - Replicator | |
| Severity | Title | Port/Service |
| 1 | Windows Builtin User Group Membership Audit - Network Configuration Operators | |
| Severity | Title | Port/Service |
| 1 | ActiveX Controls Enumerated | |
| Control: | {026371C0-1B7C-11CF-9D53-00AA003C9CB6} | DisplayName: | Microsoft UpDown Control, version 5.0 (SP2) | Version: | 1.1 |
| Control: | {06DD38D3-D187-11CF-A80D-00C04FD74AD8} | DisplayName: | ActiveXPlugin Object | Version: | 1.0 |
| Control: | {0713E8A2-850A-101B-AFC0-4210102A8DA7} | DisplayName: | Microsoft TreeView Control, version 5.0 (SP2) | Version: | 1.3 |
| Control: | {0713E8D2-850A-101B-AFC0-4210102A8DA7} | DisplayName: | Microsoft ProgressBar Control, version 5.0 (SP2) | Version: | 1.3 |
| Control: | {0996FF6F-B6A1-11D0-9292-00C04FB6678B} | DisplayName: | Microsoft Certificate Authority Control | Version: | 1.0 |
| Severity | Title | Port/Service |
| 1 | Default Web Page | port 80/tcp |
| Severity | Title | Port/Service |
| 1 | Default Web Page | port 443/tcp over SSL |
| Severity | Title | Port/Service |
| 1 | SSL Server Information Retrieval | port 443/tcp over SSL |
The following is a list of supported SSL ciphers.
Note: If a cipher is included in this list, it means that it was possible to establish an SSL connection using that cipher. Some web server setups allow connections to be established using a LOW grade cipher, only to serve a web page stating that the URL is accessible only through a non-LOW grade cipher. In that case, even though the LOW grade cipher is listed here, QID 38140 will not be reported.
| CIPHER | KEY-EXCHANGE | AUTHENTICATION | MAC | ENCRYPTION(KEY-STRENGTH) | GRADE |
| SSLv2 PROTOCOL IS ENABLED | |||||
| DES-CBC3-MD5 | RSA | RSA | MD5 | 3DES(168) | HIGH |
| RC4-MD5 | RSA | RSA | MD5 | RC4(128) | MEDIUM |
| RC2-CBC-MD5 | RSA | RSA | MD5 | RC2(128) | MEDIUM |
| EXP-RC4-MD5 | RSA(512) | RSA | MD5 | RC4(40) | LOW |
| EXP-RC2-CBC-MD5 | RSA(512) | RSA | MD5 | RC2(40) | LOW |
| DES-CBC-MD5 | RSA | RSA | MD5 | DES(56) | LOW |
| SSLv3 PROTOCOL IS ENABLED | |||||
| SSLv3 | COMPRESSION METHOD | None | |||
| DES-CBC3-MD5 | RSA | RSA | MD5 | 3DES(168) | HIGH |
| RC4-MD5 | RSA | RSA | MD5 | RC4(128) | MEDIUM |
| RC2-CBC-MD5 | RSA | RSA | MD5 | RC2(128) | MEDIUM |
| EXP-RC4-MD5 | RSA(512) | RSA | MD5 | RC4(40) | LOW |
| EXP-RC2-CBC-MD5 | RSA(512) | RSA | MD5 | RC2(40) | LOW |
| DES-CBC-MD5 | RSA | RSA | MD5 | DES(56) | LOW |
| DES-CBC3-SHA | RSA | RSA | SHA1 | 3DES(168) | HIGH |
| RC4-SHA | RSA | RSA | SHA1 | RC4(128) | MEDIUM |
| EXP1024-DES-CBC-SHA | RSA(1024) | RSA | SHA1 | DES(56) | LOW |
| DES-CBC-SHA | RSA | RSA | SHA1 | DES(56) | LOW |
| EXP1024-RC4-SHA | RSA(1024) | RSA | SHA1 | RC4(56) | LOW |
| TLSv1 PROTOCOL IS ENABLED | |||||
| TLSv1 | COMPRESSION METHOD | None | |||
| DES-CBC3-MD5 | RSA | RSA | MD5 | 3DES(168) | HIGH |
| RC4-MD5 | RSA | RSA | MD5 | RC4(128) | MEDIUM |
| RC2-CBC-MD5 | RSA | RSA | MD5 | RC2(128) | MEDIUM |
| EXP-RC4-MD5 | RSA(512) | RSA | MD5 | RC4(40) | LOW |
| EXP-RC2-CBC-MD5 | RSA(512) | RSA | MD5 | RC2(40) | LOW |
| DES-CBC-MD5 | RSA | RSA | MD5 | DES(56) | LOW |
| DES-CBC3-SHA | RSA | RSA | SHA1 | 3DES(168) | HIGH |
| RC4-SHA | RSA | RSA | SHA1 | RC4(128) | MEDIUM |
| EXP1024-DES-CBC-SHA | RSA(1024) | RSA | SHA1 | DES(56) | LOW |
| DES-CBC-SHA | RSA | RSA | SHA1 | DES(56) | LOW |
| EXP1024-RC4-SHA | RSA(1024) | RSA | SHA1 | RC4(56) | LOW |
| Severity | Title | Port/Service |
| 1 | SSL Session Caching Information | port 443/tcp over SSL |
This test determines if SSL session caching is enabled on the host.
| Severity | Title | Port/Service |
| 1 | SSL/TLS invalid protocol version tolerance | port 443/tcp over SSL |
| my version | target version |
| 0304 | 0301 |
| 0399 | 0301 |
| 0400 | 0301 |
| 0499 | 0301 |
| Severity | Title | Port/Service |
| 1 | TLS Secure Renegotiation Extension Supported | port 443/tcp over SSL |
| Severity | Title | Port/Service |
| 1 | SSL Certificate - Information | port 443/tcp over SSL |
| NAME | VALUE |
| (0)CERTIFICATE 0 | |
| (0)Version | 3 (0x2) |
| (0)Serial Number | 04:7d:cc:55:8f:bd:91 |
| (0)Signature Algorithm | sha1WithRSAEncryption |
| (0)ISSUER NAME | |
| countryName | US |
| stateOrProvinceName | Arizona |
| localityName | Scottsdale |
| organizationName | "GoDaddy.com, Inc." |
| organizationalUnitName | http://certificates.godaddy.com/repository |
| commonName | Go Daddy Secure Certification Authority |
| serialNumber | 07969287 |
| (0)SUBJECT NAME | |
| organizationName | *.hsl.unc.edu |
| organizationalUnitName | Domain Control Validated |
| commonName | *.hsl.unc.edu |
| (0)Valid From | Jul 19 13:27:48 2011 GMT |
| (0)Valid Till | Jul 6 12:14:14 2014 GMT |
| (0)Public Key Algorithm | rsaEncryption |
| (0)RSA Public Key | (2048 bit) |
| (0) | Public-Key: (2048 bit) |
| (0) | Modulus: |
| (0) | Exponent: 65537 (0x10001) |
| (0)X509v3 EXTENSIONS | |
| (0)X509v3 Basic Constraints | critical |
| (0) | CA:FALSE |
| (0)X509v3 Extended Key Usage | TLS Web Server Authentication, TLS Web Client Authentication |
| (0)X509v3 Key Usage | critical |
| (0) | Digital Signature, Key Encipherment |
| (0)X509v3 CRL Distribution Points | |
| (0) | Full Name: |
| (0) | URI:http://crl.godaddy.com/gds1-53.crl |
| (0)X509v3 Certificate Policies | Policy: 2.16.840.1.114413.1.7.23.1 |
| (0) | CPS: https://certs.godaddy.com/repository/ |
| (0)Authority Information Access | OCSP - URI:http://ocsp.godaddy.com/ |
| (0) | CA Issuers - URI:http://certificates.godaddy.com/repository/gd_intermediate.crt |
| (0)X509v3 Authority Key Identifier | keyid:FD:AC:61:32:93:6C:45:D6:E2:EE:85:5F:9A:BA:E7:76:99:68:CC:E7 |
| (0)X509v3 Subject Alternative Name | DNS:*.hsl.unc.edu, DNS:hsl.unc.edu |
| (0)X509v3 Subject Key Identifier | D1:F4:C6:CD:D1:B3:E3:F6:FE:AC:48:D7:6A:43:79:2B:40:4B:45:06 |
| (0)Signature | (256 octets) |
| Severity | Title | Port/Service |
| 1 | HTTP Methods Returned by OPTIONS Request | port 443/tcp |
| Severity | Title | Port/Service |
| 1 | Microsoft IIS Server Detected | port 443/tcp |
| Severity | Title | Port/Service |
| 1 | SSL Web Server Version | port 443/tcp |
| Server Version | Server Banner |
| Microsoft-IIS/6.0 | Microsoft-IIS/6.0 |
| Severity | Title | Port/Service |
| 1 | List of Web Directories | port 443/tcp |
| Directory | Source |
| /scripts/ | brute force |
| brute force | |
| /news/ | brute force |
| /aspnet_client/ | brute force |
| /survey/ | brute force |
| /search/ | brute force |
| /CFIDE/ | brute force |
| /CFIDE | brute force |
| Severity | Title | Port/Service |
| 3 | Administrator Account's Password Does Not Expire | |
Note that the Administrator account on the Domain Controller(s) will always have a password that does not expire, since the option check box in the properties dialog box for this account is greyed out.
Additional details can be found under QID 45031 "Accounts Enumerated From SAM Database Whose Passwords Do Not Expire."
| Severity | Title | Port/Service |
| 3 | SSL Server Has SSLv2 Enabled Vulnerability | port 443/tcp over SSL |
There are known flaws in the SSLv2 protocol. A man-in-the-middle attacker can force the communication to a less secure level and then attempt to break the weak encryption. The attacker can also truncate encrypted messages.
These flaws have been fixed in SSLv3 (or TLSv1). Most servers (including all popular Web servers, mail servers, etc.) and clients (including Web-clients like IE, Netscape Navigator and Mozilla and mail clients) support both SSLv2 and SSLv3. However, SSLv2 is enabled by default for backward compatibility.
The following link provides more information about this vulnerability:
Analysis of the SSL 3.0 Protocol
Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
For Apache/apache_ssl, httpd.conf or ssl.conf should have the following line:
SSLNoV2
How to disable SSLv2 on IIS: Microsoft Knowledge Base Article - 187498
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll: Microsoft Knowledge Base Article - 245030
For IIS 7, refer to the article How to Disable SSL 2.0 in IIS 7 for further information.
| Severity | Title | Port/Service |
| 2 | Hidden RPC Services | |
When the portmapper/rpcbind is removed or firewalled, standard RPC client programs fail to obtain the portmapper list. However, by sending carefully crafted packets, it's possible to determine which RPC programs are listening on which port. This technique is known as direct RPC scanning. It's used to bypass portmapper/rpcbind in order to find RPC programs running on a port (TCP or UDP ports). On Linux servers, RPC services are typically listening on privileged ports (below 1024), whereas on Solaris, RPC services are on temporary ports (starting with port 32700).
| Name | Program | Version | Protocol | Port |
| portmap/rpcbind | 100000 | 2-4 | tcp | 111 |
| nfs | 100003 | 2-3 | tcp | 2049 |
| Severity | Title | Port/Service |
| 2 | Global User List | |
| User Name | Source Vulnerability (QualysID) |
| Administrator | 45032, 45031 |
| hsl.guest | 90266, 45027, 45031 |
| hsladmin | 45031 |
| ___VMware_Conv_SA___ | 105234 |
| Severity | Title | Port/Service |
| 2 | YP/NIS RPC Services Listening on Non-Privileged Ports | |
Note that for NFS, any port other than 2049 is considered a non-privileged port.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Severity | Title | Port/Service |
| 2 | NFS RPC Services Listening on Non-Privileged Ports | |
| Severity | Title | Port/Service |
| 2 | Default Windows Administrator Account Name Present | |
Please note that if the scanner has been configured to use Windows Authentication and uses the local administrator account (as opposed to a domain-admin account) to scan this target, the scanner will need to be reconfigured to use the new administrator account name instead.
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure | |
When an RDP client initiates a session with an RDP server, the server responds with a server certificate containing an RSA public key and its digital signature. The client decrypts the signature using the server's public key and compares the result with the hash of the new public key received from the server to verify the identity of the server.
The vulnerability presents itself because a private key that is used to sign the Terminal Server public key is hardcoded in "mstlsapi.dll". A subroutine of the "TLSInit" API dynamically creates, uses and de-allocates this key.
Workarounds:
- As there is no patch, this vulnerability should be mitigated by using some semblance of network filtering (e.g., firewalling RDP off from the open Internet).
For Windows Server 2003, the security of Terminal Server can be enhanced by configuring Terminal Services connections to use Transport Layer Security (TLS) 1.0 for server authentication, and to encrypt terminal server communications. Please refer to cc782610 to obtain additional details.
| Severity | Title | Port/Service |
| 2 | Unused Active Windows Accounts Found | |
| Severity | Title | Port/Service |
| 2 | Account Brute Force Possible Through IIS NTLM Authentication Scheme | intranet.hsl.unc.edu:443/tcp |
If the host has an account lockout policy in place, a remote user may exploit this vulnerability to lockout a local user, provided that the name of the local user is known.
The account lockout policy does not apply to the administrator account. So if the host uses a default name of "Administrator" for the administrator account, the password brute force of this account is possible through the IIS authentication interface.
If the host does not have an account lockout policy in place, a remote user may exploit this vulnerability to brute force user passwords.
In addition, if the request has the NTLMSSP_REQUEST_TARGET flag on, the Web server may respond to the request with an NTLM challenge that contains sensitive host information, such as the Windows server and domain in which the authentication will be checked.
Workaround:
1) Disable NTLM authentication for your Web server. This can be done by unchecking "Integrated Windows Authentication" within "Authentication Method" under "Directory Security" in "Default Web Site Properties".
Note: If NTLM cannot be disabled, an alternative remediation option for this issue is to perform the following 2 actions:
1) Ensure an Account Lockout Policy is in place.
2) Ensure the Administrator Account has been renamed to something more unique.
A Lockout Policy will ensure an attacker does not have an unlimited amount of time and attempts to guess the password. The Admin Account needs to be renamed because by default the Lockout Policy does not apply to the Administrator Account.
| Severity | Title | Port/Service |
| 2 | AutoComplete Attribute Not Disabled for Password in Form Based Authentication | intranet.hsl.unc.edu:443/tcp |
| Severity | Title | Port/Service |
| 1 | Microsoft IIS Authentication Method Disclosure Vulnerability | intranet.hsl.unc.edu:443/tcp |
When a valid authentication request is submitted (for either method) with an invalid username and password, an error message is returned. This happens even if anonymous access to the requested resource is allowed.
| Severity | Title | Port/Service |
| 2 | Windows User Accounts With Unchanged Passwords | |
| Severity | Title | Port/Service |
| 3 | Remote Access or Management Service Detected | |
The Results section includes information on the remote access service that was found on the target.
Services like Telnet, Rlogin, SSH, Windows Remote Desktop, pcAnywhere, Citrix Management Console, Remote Admin (RAdmin), VNC, OpenVPN and ISAKMP are checked.
| Severity | Title | Port/Service |
| 3 | Accounts Enumerated From SAM Database Whose Passwords Do Not Expire | |
| Severity | Title | Port/Service |
| 3 | NetBIOS Shared Folders | |
| Device Name | Comment | Type | Label | Size | Description |
| ADMIN$ | Remote Admin | -2147483648 | | | |
| AdminColor | ADMINColor | 1 | | | |
| adminfiles | | 0 | | | |
| ADMINLaser | ADMINLaser | 1 | | | |
| C$ | Default share | -2147483648 | | | |
| CatalogLaser | CatalogLaser | 1 | | | |
| CSLaser | CSLaser | 1 | | | |
| D$ | | -2147483648 | | | |
| Data | | 0 | | | |
| G$ | Default share | -2147483648 | | | |
| HSL6_IT | HSL6_IT | 1 | | | |
| HSL6_LSLaser | HSL6_LSLaser | 1 | | | |
| HSL6_pr02 | HSL6_pr02 | 1 | | | |
| ILLLaser2 | ILLLaser2 | 1 | | | |
| Intranet | | 0 | | | |
| intranetfiles | | 0 | | | |
| IPC$ | Remote IPC | -2147483645 | | | |
| LJ2300 | deskjet printer for ConnectCarolina, fines, lost books, etc. | 1 | | | |
| print$ | Printer Drivers | 0 | | | |
| prnproc$ | Printer Drivers | 0 | | | |
| RMSLASER | RMSLASER | 1 | | | |
| Scripts | | 0 | | | |
| USCLaser | USCLaser | 1 | | | |
| Severity | Title | Port/Service |
| 2 | Operating System Detected | |
1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating system TCP/IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this "fingerprinting" technique, the OS version is among those listed below.
Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the version of the operating system detected may be that for the firewall instead of for the host being scanned.
2) NetBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. NetBIOS relies on a message format called Server Message Block (SMB).
3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTML-embedded scripting language used to create dynamic Web pages. Under some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information.
4) SNMP: The Simple Network Monitoring Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service maintains a Management Information Base (MIB), a set of variables (database) that can be fetched by Managers. These include "MIB_II.system.sysDescr" for the operating system.
| Operating System | Technique | ID | |
| Windows 2008 Service Pack 2 | CIFS via TCP Port 445 | ||
| Windows Vista / Windows 2008 | TCP/IP Fingerprint | U3414:80 | |
| Windows 2003/XP/Vista/2008 | MS-RPC | Fingerprint | |
| Windows 2008/Vista | NTLMSSP |
| Severity | Title | Port/Service |
| 2 | Windows Effective Password Policy Information Gathering Via SAM Database | |
Minimum Password Age in Days
Maximum Password Age in Days
Minimum Password Length in Characters
Password History (Number of old passwords remembered)
The policy is the effective policy, which is a combination of the local policy settings (if any) and the domain-wide policy settings made on the Domain Controller(s) for the domain.
This probe requires authentication to be successful.
| Severity | Title | Port/Service |
| 2 | Windows Domain Effective Account Lockout Policy Information Gathered Via SAM Database | |
It should be noted that if the Domain Controller/Active Directory on this domain enforces a policy as well, the Domain Controller policy will override the local policies (if any) of each host. Further, it takes up to a couple of minutes for changes on the Domain Controller policy to be propagated to all the individual hosts on that domain.
| Severity | Title | Port/Service |
| 2 | Open DCE-RPC / MS-RPC Services List | |
| Description | Version | TCP Ports | UDP Ports | HTTP Ports | NetBIOS/CIFS Pipes |
| DCE Endpoint Mapper | 3.0 | 135 | \PIPE\epmapper | ||
| DCE Remote Management | 1.0 | \PIPE\epmapper | |||
| DCOM OXID Resolver | 0.0 | 135 | \PIPE\epmapper | ||
| DCOM Remote Activation | 0.0 | 135 | \PIPE\epmapper | ||
| DCOM System Activator | 0.0 | 135 | \PIPE\epmapper | ||
| Microsoft Event Log Service | 0.0 | \PIPE\eventlog | |||
| Microsoft Local Security Architecture | 0.0 | \PIPE\lsarpc | |||
| Microsoft Network Logon | 1.0 | \PIPE\NETLOGON | |||
| Microsoft Registry | 1.0 | \PIPE\winreg | |||
| Microsoft Scheduler Control Service | 1.0 | \PIPE\atsvc | |||
| Microsoft Security Account Manager | 1.0 | 49155 | \PIPE\samr, \pipe\lsass | ||
| Microsoft Server Service | 3.0 | \PIPE\srvsvc | |||
| Microsoft Service Control Service | 2.0 | 57886 | \PIPE\svcctl | ||
| Microsoft Spool Subsystem | 1.0 | \PIPE\spoolss | |||
| Microsoft Task Scheduler | 1.0 | \PIPE\atsvc | |||
| Microsoft Workstation Service | 1.0 | \PIPE\wkssvc | |||
| (Unknown Service) | 1.0 | 135 | |||
| (Unknown Service) | 0.0 | 135 | |||
| (Unknown Service) | 2.0 | 135 | |||
| RPC ROUTER SERVICE | 1.0 | \PIPE\ROUTER | |||
| Microsoft Spool Subsystem | 1.0 | \PIPE\SPOOLSS | |||
| (Unknown Service) | 1.0 | 49152 | \PIPE\InitShutdown | ||
| (Unknown Service) | 1.0 | \PIPE\InitShutdown | |||
| Impl friendly name | 1.0 | 49154 | \pipe\lsass, \PIPE\srvsvc, \PIPE\atsvc | ||
| Event log TCPIP | 1.0 | 49153 | \pipe\eventlog | ||
| (Unknown Service) | 1.0 | 49154 | \PIPE\srvsvc, \PIPE\atsvc | ||
| IKE/Authip API | 1.0 | 49154 | \PIPE\atsvc | ||
| (Unknown Service) | 1.0 | 49154 | \PIPE\atsvc | ||
| Spooler function endpoint | 1.0 | 57828 | \pipe\spoolss | ||
| Spooler base remote object endpoint | 1.0 | 57828 | \pipe\spoolss | ||
| Unimodem LRPC Endpoint | 1.0 | \pipe\tapsrv |
| Severity | Title | Port/Service |
| 2 | Host Uptime Based on TCP TimeStamp Option | |
Some operating systems (e.g., MacOS, OpenBSD) use a non-zero, probably random, initial value for the timestamp. For these operating systems, the uptime obtained does not reflect the actual uptime of the host; the former is always larger than the latter.
| Severity | Title | Port/Service |
| 2 | Real Name of Built-in Guest Account Enumerated | |
| Severity | Title | Port/Service |
| 2 | Open RPC Services List | port 111/tcp |
| program | version | protocol | port | name |
| 100000 | 2 | udp | 111 | rpcbind |
| 100000 | 3 | udp | 111 | rpcbind |
| 100000 | 4 | udp | 111 | rpcbind |
| 100000 | 2 | tcp | 111 | rpcbind |
| 100000 | 3 | tcp | 111 | rpcbind |
| 100000 | 4 | tcp | 111 | rpcbind |
| 390436 | 1 | tcp | 8939 | 390436 |
| 390435 | 1 | tcp | 8686 | 390435 |
| 390113 | 1 | tcp | 7937 | nsrexec |
| 100005 | 1 | tcp | 1048 | mountd |
| 100005 | 2 | tcp | 1048 | mountd |
| 100005 | 3 | tcp | 1048 | mountd |
| 100005 | 1 | udp | 1048 | mountd |
| 100005 | 2 | udp | 1048 | mountd |
| 100005 | 3 | udp | 1048 | mountd |
| 100021 | 1 | tcp | 1047 | nlockmgr |
| 100021 | 2 | tcp | 1047 | nlockmgr |
| 100021 | 3 | tcp | 1047 | nlockmgr |
| 100021 | 4 | tcp | 1047 | nlockmgr |
| 100021 | 1 | udp | 1047 | nlockmgr |
| 100021 | 2 | udp | 1047 | nlockmgr |
| 100021 | 3 | udp | 1047 | nlockmgr |
| 100021 | 4 | udp | 1047 | nlockmgr |
| 100024 | 1 | tcp | 1039 | status |
| 100024 | 1 | udp | 1039 | status |
| 100003 | 2 | tcp | 2049 | nfs |
| 100003 | 3 | tcp | 2049 | nfs |
| 100003 | 2 | udp | 2049 | nfs |
| 100003 | 3 | udp | 2049 | nfs |
| Severity | Title | Port/Service |
| 1 | DNS Host Name | |
| IP address | Host name |
| 152.2.37.241 | intranet.hsl.unc.edu |
| Severity | Title | Port/Service |
| 1 | Firewall Detected | |
| Severity | Title | Port/Service |
| 1 | Target Network Information | |
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information.
| Severity | Title | Port/Service |
| 1 | Internet Service Provider | |
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information. This information was gathered using the WHOIS service for the network and is believed to be the ISP of the target network.
| Severity | Title | Port/Service |
| 1 | Traceroute | |
| Hops | IP | Round Trip Time | Probe |
| 1 | 152.2.20.1 | 0.50ms | ICMP |
| 2 | 152.19.253.106 | 1.03ms | ICMP |
| 3 | 152.19.255.17 | 1.09ms | ICMP |
| 4 | 152.19.255.210 | 1.20ms | ICMP |
| 5 | 152.2.37.241 | 0.96ms | ICMP |
| Severity | Title | Port/Service |
| 1 | Disabled Accounts Enumerated From SAM Database | |
| Severity | Title | Port/Service |
| 1 | Administrator Account's Real Name Found From LSA Enumeration | |
Windows systems by default have the administrator account's name configured as "Administrator". This can very easily be changed to a non-default value (like root, for example) to harden security against password bruteforcing.
LSA, internally, refers to user accounts by what are called RIDs (Relative IDs) instead of the friendlier names (like "Administrator") used only for GUI and display purposes. The administrator account on any Windows system always has a RID of 500, even if the name has been changed.
The scanner probed the LSA for the name that maps to the RID of 500, which is the administrator account name, changed or unchanged. The name is listed in the Result section below.
| Severity | Title | Port/Service |
| 1 | Host Scan Time | |
The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Host Names Found |
| Host Name | Source |
| HSL6.hsl.unc.edu | NTLM DNS |
| intranet.hsl.unc.edu | FQDN |
| HSL6 | NTLM NetBIOS |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Authentication Method |
The service also attempts to authenticate using common credentials. You should verify that the credentials used for successful authentication were those that were provided in the Windows authentication record. User-provided credentials failed if the discovery method shows "Unable to log in using credentials provided by user, fallback to NULL session". If this is the case, verify that the credentials specified in the Windows authentication record are valid for this host.
| User Name | DOM qualys.scn |
| Domain | AD |
| Authentication Scheme | Kerberos |
| Security | User-based |
| SMBv1 Signing | Enabled |
| Discovery Method | Login credentials provided by user |
| Authentication Record | AD.UNC.EDU Credentials |
| CIFS Version | SMB v2.002 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Authentication Method for User-Provided Credentials |
| User Name | DOM qualys.scn |
| Domain | AD |
| Authentication Scheme | Kerberos |
| Security | User-based |
| SMBv1 Signing | Enabled |
| Authentication Record | AD.UNC.EDU Credentials |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Open TCP Services List |
The Results section displays the port number (Port), the default service listening on the port (IANA Assigned Ports/Services), the description of the service (Description) and the service that the scanner detected using service discovery (Service Detected).
| Port | IANA Assigned Ports/Services | Description | Service Detected | OS On Redirected Port |
| 80 | www | World Wide Web HTTP | http | |
| 111 | sunrpc | SUN Remote Procedure Call | rpc | |
| 135 | msrpc-epmap | epmap DCE endpoint resolution | DCERPC Endpoint Mapper | |
| 443 | https | http protocol over TLS/SSL | http over ssl | |
| 445 | microsoft-ds | Microsoft-DS | microsoft-ds | |
| 1039 | unknown | unknown | rpc | |
| 1047 | neod1 | Sun's NEO Object Request Broker | rpc | |
| 1048 | neod2 | Sun's NEO Object Request Broker | rpc | |
| 2049 | nfs | Network File System - Sun Microsystems | rpc | |
| 3389 | ms-wbt-server | MS WBT Server | win remote desktop | |
| 5666 | unknown | unknown | unknown | |
| 7937 | unknown | unknown | rpc | |
| 7938 | unknown | unknown | rpc | |
| 8686 | unknown | unknown | rpc | |
| 8939 | unknown | unknown | rpc | |
| 57828 | unknown | unknown | unknown | |
| Expand | Severity | Title | Port/Service |
|
|
1
|
ICMP Replies Received |
We have sent the following types of packets to trigger the host to send us ICMP replies:
Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)
Listed in the "Result" section are the ICMP replies that we have received.
| ICMP Reply Type | Triggered By | Additional Information |
| Echo (type=0 code=0) | Echo Request | Echo Reply |
| Expand | Severity | Title | Port/Service |
|
|
1
|
NetBIOS Host Name |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Degree of Randomness of TCP Initial Sequence Numbers |
| Expand | Severity | Title | Port/Service |
|
|
1
|
IP ID Values Randomness |
Please note that for reliability reasons only the network traffic from open TCP ports is analyzed.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Registry Key Access Denied |
| HKLM\Software\Microsoft\Windows NT\CurrentVersion\ |
| HKLM\Software\Microsoft\Windows NT\ |
| HKLM\Software\Microsoft\ |
| HKLM\Software\ |
| HKLM\Software\Microsoft\Windows\CurrentVersion\ |
| HKLM\Software\Microsoft\Windows\ |
| HKLM\SYSTEM\CurrentControlSet\Services\Qualys non existing key\ |
| HKLM\SYSTEM\CurrentControlSet\Services\ |
| HKLM\SYSTEM\CurrentControlSet\ |
| HKLM\SYSTEM\ |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft Windows Network Level Authentication Disabled |
The registry key for the Network Level Authentication (NLA) is disabled.
Network Level Authentication is supported on Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.
As a precaution, always test in a QA or rehearsal environment before rolling out to production.
Note: Client computers that do not support Credential Security Support Provider (CredSSP) protocol will not be able to access servers protected with Network Level Authentication. Windows XP does not support the CredSSP protocol by default.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Default Web Page | port 80/tcp |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Default Web Page | port 443/tcp over SSL |
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSL Server Information Retrieval | port 443/tcp over SSL |
The following is a list of supported SSL ciphers.
Note: If a cipher is included in this list, it means that it was possible to establish an SSL connection using that cipher. Some web server setups allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-LOW grade cipher. In this case, even though the LOW grade cipher will be listed here, QID 38140 will not be reported.
| CIPHER | KEY-EXCHANGE | AUTHENTICATION | MAC | ENCRYPTION(KEY-STRENGTH) | GRADE |
| SSLv2 PROTOCOL IS ENABLED | |||||
| DES-CBC3-MD5 | RSA | RSA | MD5 | 3DES(168) | HIGH |
| RC4-MD5 | RSA | RSA | MD5 | RC4(128) | MEDIUM |
| SSLv3 PROTOCOL IS ENABLED | |||||
| SSLv3 | COMPRESSION METHOD | None | |||
| DES-CBC3-MD5 | RSA | RSA | MD5 | 3DES(168) | HIGH |
| RC4-MD5 | RSA | RSA | MD5 | RC4(128) | MEDIUM |
| DES-CBC3-SHA | RSA | RSA | SHA1 | 3DES(168) | HIGH |
| RC4-SHA | RSA | RSA | SHA1 | RC4(128) | MEDIUM |
| TLSv1 PROTOCOL IS ENABLED | |||||
| TLSv1 | COMPRESSION METHOD | None | |||
| DES-CBC3-MD5 | RSA | RSA | MD5 | 3DES(168) | HIGH |
| RC4-MD5 | RSA | RSA | MD5 | RC4(128) | MEDIUM |
| DES-CBC3-SHA | RSA | RSA | SHA1 | 3DES(168) | HIGH |
| RC4-SHA | RSA | RSA | SHA1 | RC4(128) | MEDIUM |
| ECDHE-RSA-AES256-SHA | ECDH | RSA | SHA1 | AES(256) | HIGH |
| AES256-SHA | RSA | RSA | SHA1 | AES(256) | HIGH |
| ECDHE-RSA-AES128-SHA | ECDH | RSA | SHA1 | AES(128) | MEDIUM |
| AES128-SHA | RSA | RSA | SHA1 | AES(128) | MEDIUM |
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSL Session Caching Information | port 443/tcp over SSL |
This test determines if SSL session caching is enabled on the host.
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSL/TLS invalid protocol version tolerance | port 443/tcp over SSL |
| my version | target version |
| 0304 | 0301 |
| 0399 | 0301 |
| 0400 | 0301 |
| 0499 | 0301 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
TLS Secure Renegotiation Extension Supported | port 443/tcp over SSL |
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSL Certificate - Information | port 443/tcp over SSL |
| NAME | VALUE |
| (0)CERTIFICATE 0 | |
| (0)Version | 3 (0x2) |
| (0)Serial Number | 04:7d:cc:55:8f:bd:91 |
| (0)Signature Algorithm | sha1WithRSAEncryption |
| (0)ISSUER NAME | |
| countryName | US |
| stateOrProvinceName | Arizona |
| localityName | Scottsdale |
| organizationName | "GoDaddy.com, Inc." |
| organizationalUnitName | http://certificates.godaddy.com/repository |
| commonName | Go Daddy Secure Certification Authority |
| serialNumber | 07969287 |
| (0)SUBJECT NAME | |
| organizationName | *.hsl.unc.edu |
| organizationalUnitName | Domain Control Validated |
| commonName | *.hsl.unc.edu |
| (0)Valid From | Jul 19 13:27:48 2011 GMT |
| (0)Valid Till | Jul 6 12:14:14 2014 GMT |
| (0)Public Key Algorithm | rsaEncryption |
| (0)RSA Public Key | (2048 bit) |
| (0) | Public-Key: (2048 bit) |
| (0) | Modulus: |
| (0) | Exponent: 65537 (0x10001) |
| (0)X509v3 EXTENSIONS | |
| (0)X509v3 Basic Constraints | critical |
| (0) | CA:FALSE |
| (0)X509v3 Extended Key Usage | TLS Web Server Authentication, TLS Web Client Authentication |
| (0)X509v3 Key Usage | critical |
| (0) | Digital Signature, Key Encipherment |
| (0)X509v3 CRL Distribution Points | |
| (0) | Full Name: |
| (0) | URI:http://crl.godaddy.com/gds1-53.crl |
| (0)X509v3 Certificate Policies | Policy: 2.16.840.1.114413.1.7.23.1 |
| (0) | CPS: https://certs.godaddy.com/repository/ |
| (0)Authority Information Access | OCSP - URI:http://ocsp.godaddy.com/ |
| (0) | CA Issuers - URI:http://certificates.godaddy.com/repository/gd_intermediate.crt |
| (0)X509v3 Authority Key Identifier | keyid:FD:AC:61:32:93:6C:45:D6:E2:EE:85:5F:9A:BA:E7:76:99:68:CC:E7 |
| (0)X509v3 Subject Alternative Name | DNS:*.hsl.unc.edu, DNS:hsl.unc.edu |
| (0)X509v3 Subject Key Identifier | D1:F4:C6:CD:D1:B3:E3:F6:FE:AC:48:D7:6A:43:79:2B:40:4B:45:06 |
| (0)Signature | (256 octets) |
| (1)CERTIFICATE 1 | |
| (1)Version | 3 (0x2) |
| (1)Serial Number | 769 (0x301) |
| (1)Signature Algorithm | sha1WithRSAEncryption |
| (1)ISSUER NAME | |
| countryName | US |
| organizationName | "The Go Daddy Group, Inc." |
| organizationalUnitName | Go Daddy Class 2 Certification Authority |
| (1)SUBJECT NAME | |
| countryName | US |
| stateOrProvinceName | Arizona |
| localityName | Scottsdale |
| organizationName | "GoDaddy.com, Inc." |
| organizationalUnitName | http://certificates.godaddy.com/repository |
| commonName | Go Daddy Secure Certification Authority |
| serialNumber | 07969287 |
| (1)Valid From | Nov 16 01:54:37 2006 GMT |
| (1)Valid Till | Nov 16 01:54:37 2026 GMT |
| (1)Public Key Algorithm | rsaEncryption |
| (1)RSA Public Key | (2048 bit) |
| (1) | Public-Key: (2048 bit) |
| (1) | Modulus: |
| (1) | Exponent: 65537 (0x10001) |
| (1)X509v3 EXTENSIONS | |
| (1)X509v3 Subject Key Identifier | FD:AC:61:32:93:6C:45:D6:E2:EE:85:5F:9A:BA:E7:76:99:68:CC:E7 |
| (1)X509v3 Authority Key Identifier | keyid:D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3 |
| (1)X509v3 Basic Constraints | critical |
| (1) | CA:TRUE, pathlen:0 |
| (1)Authority Information Access | OCSP - URI:http://ocsp.godaddy.com |
| (1)X509v3 CRL Distribution Points | |
| (1) | Full Name: |
| (1) | URI:http://certificates.godaddy.com/repository/gdroot.crl |
| (1)X509v3 Certificate Policies | Policy: X509v3 Any Policy |
| (1) | CPS: http://certificates.godaddy.com/repository |
| (1)X509v3 Key Usage | critical |
| (1) | Certificate Sign, CRL Sign |
| (1)Signature | (256 octets) |
| (2)CERTIFICATE 2 | |
| (2)Version | 3 (0x2) |
| (2)Serial Number | 269 (0x10d) |
| (2)Signature Algorithm | sha1WithRSAEncryption |
| (2)ISSUER NAME | |
| localityName | ValiCert Validation Network |
| organizationName | "ValiCert, Inc." |
| organizationalUnitName | ValiCert Class 2 Policy Validation Authority |
| commonName | http://www.valicert.com/ |
| emailAddress | info@valicert.com |
| (2)SUBJECT NAME | |
| countryName | US |
| organizationName | "The Go Daddy Group, Inc." |
| organizationalUnitName | Go Daddy Class 2 Certification Authority |
| (2)Valid From | Jun 29 17:06:20 2004 GMT |
| (2)Valid Till | Jun 29 17:06:20 2024 GMT |
| (2)Public Key Algorithm | rsaEncryption |
| (2)RSA Public Key | (2048 bit) |
| (2) | Public-Key: (2048 bit) |
| (2) | Modulus: |
| (2) | Exponent: 3 (0x3) |
| (2)X509v3 EXTENSIONS | |
| (2)X509v3 Subject Key Identifier | D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3 |
| (2)X509v3 Authority Key Identifier | DirName:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com |
| (2) | serial:01 |
| (2)X509v3 Basic Constraints | critical |
| (2) | CA:TRUE |
| (2)Authority Information Access | OCSP - URI:http://ocsp.godaddy.com |
| (2)X509v3 CRL Distribution Points | |
| (2) | Full Name: |
| (2) | URI:http://certificates.godaddy.com/repository/root.crl |
| (2)X509v3 Certificate Policies | Policy: X509v3 Any Policy |
| (2) | CPS: http://certificates.godaddy.com/repository |
| (2)X509v3 Key Usage | critical |
| (2) | Certificate Sign, CRL Sign |
| (2)Signature | (128 octets) |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Web Server Supports HTTP Request Pipelining | port 443/tcp over SSL |
The target Web server was found to support this functionality of the HTTP 1.1 protocol.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Adobe ColdFusion Detected on Remote Host | intranet.hsl.unc.edu:443/tcp |
Adobe ColdFusion is running on this Web server.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft IIS Server Detected | intranet.hsl.unc.edu:443/tcp |
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSL Web Server Version | intranet.hsl.unc.edu:443/tcp |
| Server Version | Server Banner |
| Microsoft-IIS/7.0 | Microsoft-IIS/7.0 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
List of Web Directories | intranet.hsl.unc.edu:443/tcp |
| Directory | Source |
| /cfide/administrator/ | brute force |
| /cfide/Administrator/ | brute force |
| /CFIDE/ | brute force |
| /CFIDE | brute force |
| /CFIDE/ | web page |
| /CFIDE/administrator/ | web page |
| /CFIDE/administrator | web page |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft IIS Server Detected | intranet.hsl.unc.edu:80/tcp |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Web Server Version | intranet.hsl.unc.edu:80/tcp |
| Server Version | Server Banner |
| Microsoft-IIS/7.0 | Microsoft-IIS/7.0 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
List of Web Directories | intranet.hsl.unc.edu:80/tcp |
| Directory | Source |
| /admin/ | web page |
Windows Server 2008 R2 Enterprise 64 bit Edition Service Pack 1
| Expand | Severity | Title | Port/Service |
|
|
3
|
Enabled DCOM |
Gimmiv.A malware has also been reported to exploit a vulnerability in RPC DCOM.
Leaving DCOM enabled attracts Internet worms and permits your system to be remotely compromised by malicious hackers.
Information on disabling DCOM can be found in the Microsoft TechNet article called How to Disable DCOM Support in Windows.
For disabling DCOM on Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, refer to Microsoft's article Enable or Disable DCOM.
| Expand | Severity | Title | Port/Service |
|
|
3
|
Microsoft Windows Enterprise Hotfix Rollup (KB2775511) |
This hotfix rollup contains 90 hotfixes that were released after the release of SP1 for Windows 7 and Windows Server 2008 R2.
Microsoft recommends that users apply this hotfix rollup as part of their regular maintenance routine and build processes for Windows 7 and Windows Server 2008 R2 computers.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Expand | Severity | Title | Port/Service |
|
|
3
|
Insecure Microsoft Internet Explorer Intranet Zone User Setting Detected |
To change the settings, go to Control Panel -> Internet Options -> Security tab.
To interpret the results section, please refer to KB182569 for IE6 and IE7.
Refer to Site to Zone Assignment Section 3 for Group Policy Settings in IE8.
Refer to Internet Explorer 9 Security Settings for IE9.
Also refer to BB457144 article from Microsoft.
The following minimal settings are recommended to be set in the registry for each user in the hive:
Download Signed ActiveX Controls - Prompt (minimum)
Download unsigned ActiveX controls - Disable
Initialize and script ActiveX controls not marked as safe - Disable
Access data sources across domains - Prompt (minimum)
Display mixed content - Prompt (minimum)
Installation of desktop items - Prompt (minimum)
Launching programs and files in an IFRAME - Prompt (minimum)
Allow web pages to use restricted protocols for active content - Prompt (minimum)
Open files based on content, not file extension - Enable
Submit non-encrypted form data - Prompt (minimum)
| Expand | Severity | Title | Port/Service |
|
|
3
|
Microsoft Internet Explorer 9 "Iedvtool.dll" Malformed HTML Denial of Service - Zero Day |
The browser is exposed to a remote denial of service issue. This issue occurs because of a NULL pointer dereference error in the "Iedvtool.dll" file when parsing malformed HTML pages.
Affected Versions:
The issue is confirmed in Internet Explorer 9.
| Expand | Severity | Title | Port/Service |
|
|
3
|
Microsoft Internet Explorer Mouse Tracking Events Design Error Vulnerability |
Internet Explorer is exposed to an information disclosure vulnerability.
Affected Versions:
Internet Explorer 6 through 10.
Workaround:
Use a different browser than Internet Explorer until a patch becomes available.
| Expand | Severity | Title | Port/Service |
|
|
3
|
Microsoft Internet Explorer Stack Exhaustion Denial of Service Vulnerability |
Microsoft Internet Explorer is vulnerable to a stack exhaustion condition that could allow an unauthenticated, remote attacker to cause a denial of service on a targeted system. The attacker could entice the targeted user into visiting a malicious webpage or following a crafted link.
Since this is a stack exhaustion condition, this vulnerability may not be typically exploited for code execution. Internet Explorer 10 is not vulnerable to this issue. More details about the vulnerability can be found at this link.
Affected Software:
Microsoft Internet Explorer versions 9 and 8.
Workaround:
Users are advised to observe caution when following links and content from untrusted sources.
Users may consider upgrading to Internet Explorer version 10 on compatible systems.
| Expand | Severity | Title | Port/Service |
|
|
3
|
EOL/Obsolete Software: Oracle Java SE/JRE/JDK 6/1.6 Detected |
Starting March 2013, Oracle will no longer post updates of Java SE 6/1.6 to its public download sites as it has reached end of life support. Existing Java SE 6/1.6 downloads already posted as of February 2013 will remain accessible in the Java Archive on Oracle Technology Network.
Developers and end-users are encouraged to update to more recent Java SE versions that remain available for public download.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Expand | Severity | Title | Port/Service |
|
|
3
|
Microsoft Windows "RunAs" Password Length Local Information Disclosure - Zero Day |
RunAs is prone to a local password disclosure vulnerability that allows a malicious user to guess the password length when "runas.exe" is used to launch an application under another user's privileges. When the application prompts the current user for the password of the specified user, a local attacker can monitor the "I/O Other Bytes" performance of the application to determine the length of the submitted password.
| Expand | Severity | Title | Port/Service |
|
|
3
|
Hotfix KB2264107 (DLL hijacking) Not Installed / Not Configured |
Affected Software:
Windows XP, 2003 Server, Windows Vista, Windows Server 2008 and Windows 7 are reported to be vulnerable.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
KB2264107: Windows XP Professional 32-Bit Edition
KB2264107: Windows XP Professional 64-Bit Edition
KB2264107: Windows 2003 32-Bit Edition
KB2264107: Windows Server 2003 64-Bit Edition
KB2264107: Windows Server 2003 with SP2 for Itanium-based Systems
KB2264107: Windows Vista 32-Bit
KB2264107: Windows Vista x64 Edition
KB2264107: Windows Server 2008 for 32-bit Systems
KB2264107: Windows Server 2008 for x64-based Systems
KB2264107: Windows Server 2008 for Itanium-based Systems
KB2264107: Windows 7 for 32-bit Systems
KB2264107: Windows 7 for x64-based Systems
| Expand | Severity | Title | Port/Service |
|
|
2
|
Global User List |
| User Name | Source Vulnerability (QualysID) |
| sop.admin | 45032 |
| sop.guest | 90266, 45027, 45031 |
| Expand | Severity | Title | Port/Service |
|
|
2
|
NetBIOS Name Accessible |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Internet Explorer Cache Objects History Enumeration Vulnerability - Zero Day |
| Expand | Severity | Title | Port/Service |
|
|
2
|
SSL Certificate - Signature Verification Failed Vulnerability | port 27599/tcp over SSL |
If a client is unable to verify the certificate, it can abort communication or prompt the user to continue the communication without authentication.
Exception:
If the server communicates only with a restricted set of clients who have the server certificate or the trusted CA certificate, then the server or CA certificate may not be available publicly, and the scan will be unable to verify the signature.
| Expand | Severity | Title | Port/Service |
|
|
2
|
Windows User Accounts With Unchanged Passwords |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Registry Setting To Globally Prevent Socket Hijacking Missing |
This issue arises when the first server socket binds to a port (privileged or otherwise) but specifies "INADDR_ANY" or "0.0.0.0" as the IP address to bind on. This allows the server to receive packets arriving on that port on any interface configured with a public IP address. This configuration is typical on a multihomed/multi-NIC machine set up as a server (or when the IP address might change in the future). However, if another rogue socket binds to the same port (using "SO_REUSEADDR") on a more specific IP address (instead of INADDR_ANY) of one of the interfaces, the network stack hands packets arriving on that port to the more specifically bound socket.
As a solution, Microsoft provided the SO_EXCLUSIVEADDRUSE Option, a socket option to be used by sockets before binding, to prevent this issue. However, using the SO_EXCLUSIVEADDRUSE option may not be possible for administrators with server applications coded prior to this solution, or which are closed source binaries that can't be fixed to implement this. This socket option has been provided for all Windows versions starting from Windows NT 4.0 Service Pack 4 and onwards.
The administrator should first confirm that disallowing socket reuse globally does not break the functionality/correctness of existing legitimate servers on the system. If it's safe, the setting described above should be used to apply this security measure.
Please refer to the Microsoft article on SO_EXCLUSIVEADDRUSE before implementing this feature.
| Expand | Severity | Title | Port/Service |
|
|
3
|
Remote Access or Management Service Detected |
The Results section includes information on the remote access service that was found on the target.
Services like Telnet, Rlogin, SSH, Windows Remote Desktop, pcAnywhere, Citrix Management Console, Remote Admin (RAdmin), VNC, OPENVPN and ISAKMP are checked.
| Expand | Severity | Title | Port/Service |
|
|
3
|
Accounts Enumerated From SAM Database Whose Passwords Do Not Expire |
| Expand | Severity | Title | Port/Service |
|
|
3
|
NetBIOS Bindings Information |
| Name | Service | NetBIOS Suffix |
| SOP-TS2 | Workstation Service | 0x0 |
| AD | Domain Name | 0x0 |
| SOP-TS2 | File Server Service | 0x20 |
| Expand | Severity | Title | Port/Service |
|
|
3
|
NetBIOS Shared Folders |
| Device Name | Comment | Type | Label | Size | Description |
| ADMIN$ | Remote Admin | -2147483648 | | 39 GB | Disk (mounted) |
| C$ | Default share | -2147483648 | | | |
| IPC$ | Remote IPC | -2147483645 | | | |
| MTATempStore$ | | 0 | | | |
| Expand | Severity | Title | Port/Service |
|
|
3
|
Microsoft Windows Socket Parameters, TCP/IP Hardening Guidelines |
You can configure four parameters for the dynamic backlog:
EnableDynamicBacklog: Switches between using a static backlog and a dynamic backlog. By default, this parameter is set to 0, which enables the static backlog. You should enable the dynamic backlog for better security on Winsock.
MinimumDynamicBacklog: Controls the minimum number of free connections allowed on a listening Winsock endpoint. If the number of free connections drops below this value, a thread is queued to create additional free connections. Making this value too large (setting it to a number greater than 100) will degrade the performance of the computer.
MaximumDynamicBacklog: Controls the maximum number of half-open and free connections to Winsock endpoints. If this value is reached, no additional free connections will be made.
DynamicBacklogGrowthDelta: Controls the number of Winsock endpoints in each allocation pool requested by the computer. Setting this value too high can cause system resources to be unnecessarily occupied.
Each of these values must be added to this registry key:
HKLM\System\CurrentControlSet\Services\AFD\Parameters
The recommended levels of protection for these parameters are indicated below.
DynamicBacklogGrowthDelta: 10
EnableDynamicBacklog: 1
MinimumDynamicBacklog: 20
MaximumDynamicBacklog: 20,000
Refer to the Microsoft Security Topics document called Hardening Systems and Servers: Checklists and Guides for a detailed description of these parameters and other impacts these might have before deploying these settings.
| EnableDynamicBacklog | Recommended: | 1 | Actual: | Missing |
| MinimumDynamicBacklog | Recommended: | 20 | Actual: | Missing |
| MaximumDynamicBacklog | Recommended: | 20,000 | Actual: | Missing |
| DynamicBacklogGrowthDelta | Recommended: | 10 | Actual: | Missing |
| Expand | Severity | Title | Port/Service |
|
|
3
|
Microsoft Windows TCP Parameters, TCP/IP Hardening Guidelines |
To help prevent denial of service attacks, you can harden the TCP/IP protocol stack on Windows 2000/2003 and Windows XP computers. You should harden the TCP/IP stack against denial of service attacks, even on internal networks, to prevent denial of service attacks that originate from inside the network as well as on computers attached to public networks.
You can harden the TCP/IP stack on a Windows 2000/2003 or Windows XP computer by customizing these registry values, which are stored in the registry key:
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\
DisableIPSourceRouting: Determines whether a computer allows clients to predetermine the route that packets take to their destination. When this value is set to 2, the computer will disable source routing for IP packets.
NoNameReleaseOnDemand: Determines whether the computer will release its NetBIOS name if requested by another computer or a malicious packet attempting to hijack the computer's NetBIOS name. This is configured under HKLM\System\CurrentControlSet\Services\Netbt\Parameters
PerformRouterDiscovery: Determines whether the computer performs router discovery on this interface. Router discovery solicits router information from the network and adds the information retrieved to the route table. Setting this value to 0 will prevent the interface from performing router discovery.
EnableDeadGWDetect: Determines whether the computer will attempt to detect dead gateways. When dead gateway detection is enabled (by setting this value to 1), TCP might ask IP to change to a backup gateway if a number of connections are experiencing difficulty. Backup gateways are defined in the TCP/IP configuration dialog box in the Network Control Panel for each adapter. When you leave this setting enabled, it's possible for an attacker to redirect the server to a gateway of his choosing.
EnableICMPRedirect: When ICMP redirects are disabled (by setting the value to 0), attackers cannot carry out attacks that require a host to redirect the ICMP-based attack to a third party.
SynAttackProtect: Enables SYN flood protection in Windows 2000 and Windows XP. You can set this value to 0, 1, or 2. The default setting 0 provides no protection. Setting the value to 1 will activate SYN/ACK protection contained in the TCPMaxPortsExhausted, TCPMaxHalfOpen, and TCPMaxHalfOpenRetried values. Setting the value to 2 will protect against SYN/ACK attacks by more aggressively timing out open and half-open connections. For Windows 2003, the recommended value is 1.
TCPMaxConnectResponseRetransmissions: Determines how many times TCP retransmits an unanswered SYN/ACK message. TCP retransmits acknowledgments until the number of retransmissions specified by this value is reached.
TCPMaxHalfOpen: Determines how many connections the server can maintain in the half-open state before TCP/IP initiates SYN flooding attack protection. This entry is used only when SYN flooding attack protection is enabled on this server, that is, when the value of the SynAttackProtect entry is 1 or 2 and the value of the TCPMaxConnectResponseRetransmissions entry is at least 2.
TCPMaxHalfOpenRetried: Determines how many connections the server can maintain in the half-open state even after a connection request has been retransmitted. If the number of connections exceeds the value of this entry, TCP/IP initiates SYN flooding attack protection. This entry is used only when SYN flooding attack protection is enabled on this server, that is, when the value of the SynAttackProtect entry is 1 and the value of the TCPMaxConnectResponseRetransmissions entry is at least 2.
Refer to the Microsoft Security Topics document called Hardening Systems and Servers: Checklists and Guides for a detailed description of these parameters and other impacts these might have before deploying these settings.
| EnableICMPRedirect | Recommended: | 0 | Actual: | 0 |
| SynAttackProtect | Recommended: | 2 | Actual: | 1 |
| TCPMaxConnectResponseRetransmissions | Recommended: | 2 | Actual: | 2 |
| TCPMaxHalfOpen | Recommended: | 500 | Actual: | Missing |
| TCPMaxHalfOpenRetried | Recommended: | 400 | Actual: | Missing |
| TCPMaxPortsExhausted | Recommended: | 5 | Actual: | Missing |
| TCPMaxDataRetransmissions | Recommended: | 3 | Actual: | 3 |
| EnableDeadGWDetect | Recommended: | 0 | Actual: | 0 |
| EnablePMTUDiscovery | Recommended: | 0 | Actual: | Missing |
| DisableIPSourceRouting | Recommended: | 2 | Actual: | 2 |
| NoNameReleaseOnDemand | Recommended: | 1 | Actual: | 1 |
| PerformRouterDiscovery | Recommended: | 0 | Actual: | 0 |
| Expand | Severity | Title | Port/Service |
|
|
3
|
BHOs Detected |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
where {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} is the UUID of the BHO, and InprocServer32 in HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32 specifies the file path of the BHO. In this example, it is "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx". Your system might have a different path.
The following Browser Helper Objects have been found on your system.
| Browser Helper Objects | |
| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} | C:\PROGRA~1\Microsoft Office\Office14\GROOVEEX.DLL |
| {B4F3A835-0E21-4959-BA22-42B3008E02FF} | C:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL |
| {DBC80044-A445-435b-BC74-9C25C1C588A9} | C:\Program Files\Java\jre6\bin\jp2ssv.dll |
| Expand | Severity | Title | Port/Service |
|
|
3
|
Hotfix KB2264107 (DLL hijacking) Installed |
Refer to Microsoft KB article 2264107 to obtain additional details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
KB2264107: Windows XP 32 bit Edition
KB2264107: Windows XP 64 bit Edition
KB2264107: Windows Server 2003 - 32 bit
KB2264107: Windows Server 2003 - 64 bit
KB2264107: Windows Vista - 32 bit
KB2264107: Windows Vista - 64 bit
KB2264107: Windows 2008-32 bit
KB2264107: Windows 2008-64 Bit
KB2264107: Windows Server 2008 R2 for Itanium-based Systems
KB2264107: Windows Server 2008 R2 for x64-based Systems
| Expand | Severity | Title | Port/Service |
|
|
3
|
SAMR Pipe Permissions Enumerated |
| Expand | Severity | Title | Port/Service |
|
|
3
|
Antivirus Product Detected on Windows Host |
AVG Antivirus
CA eTrust Antivirus
F-Secure Antivirus
Kaspersky Antivirus
McAfee Antivirus
Network Associates Antivirus
Sophos Antivirus Scanner
Symantec Norton Antivirus Corporate Edition
Symantec Norton Antivirus Personal Edition
Symantec Endpoint Protection
TrendMicro Antivirus
ESET Antivirus Scanner
Microsoft Windows Defender
Clam Antivirus
| Expand | Severity | Title | Port/Service |
|
|
2
|
Operating System Detected |
1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating system TCP/IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this "fingerprinting" technique, the OS version is among those listed below.
Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the version of the operating system detected may be that for the firewall instead of for the host being scanned.
2) NetBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. NetBIOS relies on a message format called Server Message Block (SMB).
3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTML-embedded scripting language used to create dynamic Web pages. Under some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information.
4) SNMP: The Simple Network Monitoring Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service maintains a Management Information Base (MIB), a set of variables (database) that can be fetched by Managers. These include "MIB_II.system.sysDescr" for the operating system.
| Operating System | Technique | ID |
| Windows Server 2008 R2 Enterprise 64 bit Edition Service Pack 1 | Windows Registry | |
| Windows 2008/7 | NTLMSSP | |
| Windows Vista / Windows 2008 / Windows 7 / Windows 2012 | TCP/IP Fingerprint | U3414:135 |
| Cisco VPN 3000 Concentrator | IKE FINGERPRINTING | |
| Windows Server 2008 R2 Enterprise 7601 Service Pack 1/Windows Server 2008 R2 Enterprise 6.1 | CIFS via TCP Port 445 | |
| cpe:/o:microsoft:windows server 2008:r2:sp1:enterprise x64: | CPE |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Windows Effective Password Policy Information Gathering Via SAM Database |
Minimum Password Age in Days
Maximum Password Age in Days
Minimum Password Length in Characters
Password History (Number of old passwords remembered)
The policy is the effective policy, which is a combination of the local policy settings (if any) and the domain-wide policy settings made on the Domain Controller(s) for the domain.
This probe requires authentication to be successful.
| Expand | Severity | Title | Port/Service |
|
|
2
|
Windows Domain Effective Account Lockout Policy Information Gathered Via SAM Database |
It should be noted that if the Domain Controller/Active Directory on this domain enforces a policy as well, the Domain Controller policy will override the local policies (if any) of each host. Further, it takes up to a couple of minutes for changes on the Domain Controller policy to be propagated to all the individual hosts on that domain.
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft .Net Framework Installed on Target Host |
Microsoft .NET Framework is installed on target host.
| .Net Framework | Version | Service Pack | Key |
| .Net Framework 2.0 x64 | 2.0.50727.5420 | 2 | HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727 |
| .Net Framework 3.0 x64 | 3.0.30729.5420 | 2 | HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.0 |
| .Net Framework 3.5 x64 | 3.5.30729.5420 | 1 | HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5 |
| .Net Framework 4.x Client Installation x64 | 4.0.30319 | - | HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client |
| .Net Framework 4.x Full Installation x64 | 4.0.30319 | - | HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full |
| .Net Framework 2.0 x86 | 2.0.50727.5420 | 2 | HKLM\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v2.0.50727 |
| .Net Framework 3.0 x86 | 3.0.30729.5420 | 2 | HKLM\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v3.0 |
| .Net Framework 3.5 x86 | 3.5.30729.5420 | 1 | HKLM\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v3.5 |
| .Net Framework 4.x Client Installation x86 | 4.0.30319 | - | HKLM\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Client |
| .Net Framework 4.x Full Installation x86 | 4.0.30319 | - | HKLM\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Open DCE-RPC / MS-RPC Services List |
| Description | Version | TCP Ports | UDP Ports | HTTP Ports | NetBIOS/CIFS Pipes |
| DCE Endpoint Mapper | 3.0 | \PIPE\epmapper | |||
| DCE Remote Management | 1.0 | \PIPE\epmapper | |||
| DCOM OXID Resolver | 0.0 | \PIPE\epmapper | |||
| DCOM Remote Activation | 0.0 | \PIPE\epmapper | |||
| DCOM System Activator | 0.0 | \PIPE\epmapper | |||
| Microsoft Event Log Service | 0.0 | \PIPE\eventlog | |||
| Microsoft Local Security Architecture | 0.0 | \PIPE\lsarpc | |||
| Microsoft Network Logon | 1.0 | \PIPE\NETLOGON | |||
| Microsoft Registry | 1.0 | \PIPE\winreg | |||
| Microsoft Scheduler Control Service | 1.0 | \PIPE\atsvc | |||
| Microsoft Security Account Manager | 1.0 | 49154 | \PIPE\samr, \pipe\lsass | ||
| Microsoft Server Service | 3.0 | \PIPE\srvsvc | |||
| Microsoft Service Control Service | 2.0 | 49188 | \PIPE\svcctl | ||
| Microsoft Task Scheduler | 1.0 | \PIPE\atsvc | |||
| Microsoft Workstation Service | 1.0 | \PIPE\wkssvc | |||
| WinHttp Auto-Proxy Service | 5.1 | \PIPE\W32TIME_ALT | |||
| RPC ROUTER SERVICE | 1.0 | \PIPE\ROUTER | |||
| (Unknown Service) | 1.0 | 49152 | \PIPE\InitShutdown | ||
| (Unknown Service) | 1.0 | \PIPE\InitShutdown | |||
| DHCP Client LRPC Endpoint | 1.0 | 49153 | \pipe\eventlog | ||
| DHCPv6 Client LRPC Endpoint | 1.0 | 49153 | \pipe\eventlog | ||
| NRP server endpoint | 1.0 | 49153 | \pipe\eventlog | ||
| Event log TCPIP | 1.0 | 49153 | \pipe\eventlog | ||
| (Unknown Service) | 1.0 | 49155 | \PIPE\ROUTER, \PIPE\srvsvc, \PIPE\atsvc | ||
| Impl friendly name | 1.0 | 49155 | \PIPE\ROUTER, \PIPE\srvsvc, \PIPE\atsvc | ||
| XactSrv service | 1.0 | 49155 | \PIPE\atsvc | ||
| IP Transition Configuration endpoint | 1.0 | 49155 | \PIPE\atsvc | ||
| IKE/Authip API | 1.0 | 49155 | \PIPE\atsvc | ||
| (Unknown Service) | 1.0 | 49155 | \PIPE\atsvc | ||
| Unimodem LRPC Endpoint | 1.0 | \pipe\tapsrv |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Host Uptime Based on TCP TimeStamp Option |
Some operating systems (e.g., MacOS, OpenBSD) use a non-zero, probably random, initial value for the timestamp. For these operating systems, the uptime obtained does not reflect the actual uptime of the host; the former is always larger than the latter.
| Expand | Severity | Title | Port/Service |
|
|
2
|
Installed Applications Enumerated From Windows Installer |
| Key | Display Name | Display Version |
| Microsoft .NET Framework 4 Client Profile | Microsoft .NET Framework 4 Client Profile | 4.0.30319 |
| Microsoft .NET Framework 4 Extended | Microsoft .NET Framework 4 Extended | 4.0.30319 |
| {1D8E6291-B0D5-35EC-8441-6616F567A0F7} | Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 | 10.0.40219 |
| {1F755486-ABCB-4418-A96B-4F7B4D32BD61} | Microsoft System Center 2012 - DPM Protection Agent | 4.0.1920.0 |
| {350AA351-21FA-3270-8B7A-835434E766AD} | Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 | 9.0.21022 |
| {4B6C7001-C7D6-3710-913E-5BC23FCE91E6} | Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 | 9.0.30729.4148 |
| {5C75DA6D-F5E3-4D4B-A381-B52B8CA5B1CF} | Symantec Endpoint Protection | 11.0.7000.975 |
| {5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 | 9.0.30729.6161 |
| {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} | Microsoft Silverlight | 5.1.20125.0 |
| {8E34682C-8118-31F1-BC4C-98CD9675E1C2} | Microsoft .NET Framework 4 Extended | 4.0.30319 |
| {90140000-002A-0000-1000-0000000FF1CE} | Microsoft Office Office 64-bit Components 2010 | 14.0.6029.1000 |
| {90140000-002A-0409-1000-0000000FF1CE} | Microsoft Office Shared 64-bit MUI (English) 2010 | 14.0.6029.1000 |
| {90140000-0116-0409-1000-0000000FF1CE} | Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 | 14.0.6029.1000 |
| {95120000-00B9-0409-1000-0000000FF1CE} | Microsoft Application Error Reporting | 12.0.6015.5000 |
| {ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | Microsoft Visual C++ 2005 Redistributable (x64) | 8.0.61000 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} | Microsoft .NET Framework 4 Client Profile | 4.0.30319 |
| Key | Display Name | Display Version |
| CitrixOnlinePluginPackWeb | Citrix online plug-in - web | 12.3.0.8 |
| LiveUpdate | LiveUpdate 3.3 (Symantec Corporation) | 3.3.0.102 |
| Office14.PROPLUS | Microsoft Office Professional Plus 2010 | 14.0.6029.1000 |
| {133236FE-E2F7-4313-8BF8-A10ACAAA7CB9} | Citrix online plug-in (USB) | 12.3.0.8 |
| {188BB63B-35C8-47EE-AEBF-5EA826CAA74D} | JMP 10 | 10.0.1 |
| {26A24AE4-039D-4CA4-87B4-2F83216043FF} | Java(TM) 6 Update 43 | 6.0.430 |
| {2FC7287D-39DD-4A84-9806-D27D3CCDC51B} | Citrix online plug-in (Web) | 12.3.0.8 |
| {40526EAF-F385-42B5-B9FB-29723C2C4107} | JMP Profiler Core | 1.10.1 |
| {4A03706F-666A-4037-7777-5F2748764D10} | Java Auto Updater | 2.1.9.0 |
| {57287FDF-27E6-45BC-9DD2-A33545C46C1A} | Citrix online plug-in (HDX) | 12.3.0.8 |
| {6F2FDD50-E0F3-4117-B575-78E77F8D11EF} | Citrix online plug-in (DV) | 12.3.0.8 |
| {7102768D-57FD-455E-B5DC-A66FCB27D358} | JMP Profiler GUI | 1.10.1 |
| {710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | Microsoft Visual C++ 2005 Redistributable | 8.0.61001 |
| {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871 | Update for Microsoft .NET Framework 4 Extended (KB2468871) | 1 |
| {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2487367 | Security Update for Microsoft .NET Framework 4 Extended (KB2487367) | 1 |
| {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523 | Update for Microsoft .NET Framework 4 Extended (KB2533523) | 1 |
| {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217 | Update for Microsoft .NET Framework 4 Extended (KB2600217) | 1 |
| {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2656351 | Security Update for Microsoft .NET Framework 4 Extended (KB2656351) | 1 |
| {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2736428 | Security Update for Microsoft .NET Framework 4 Extended (KB2736428) | 1 |
| {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2742595 | Security Update for Microsoft .NET Framework 4 Extended (KB2742595) | 1 |
| {90140000-0011-0000-0000-0000000FF1CE} | Microsoft Office Professional Plus 2010 | 14.0.6029.1000 |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{0690E5CB-319C-4FA5-8513-2E255BBB29B9} | Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{07CA44F3-F5B3-4D12-8C91-EDC5FE91D45C} | Security Update for Microsoft Office 2010 (KB2553091) | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{10802A6D-EDBF-4383-BCBD-9D5B32F56D35} | Security Update for Microsoft Office 2010 (KB2553096) | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56} | Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{18B3CF2A-73F7-4716-B1AE-86D68726D408} | Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{1CBEDB37-C438-473F-8BA0-2535B0D237E2} | Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{280E2D43-11CC-4ADE-A171-9286CCB5412B} | Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23} | Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4} | Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936} | Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{6B6DDDCE-B456-4FE1-9A07-DBC1708E4158} | Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{73CC972E-6ABF-456B-9E1E-BADC0E65B57A} | Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7AC49FC8-F8D2-4DD8-9086-09E52385A21F} | Update for Microsoft Office 2010 (KB2553092) | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2} | Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9FD050BA-79BD-42A4-9E24-E8E13F1C775F} | Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9FF4E0C9-11BB-4B32-AC5E-EAB896CB4216} | Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A5E549EB-FDD3-4CD1-8163-50D429A36516} | Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A8686D24-1E89-43A1-973E-05A258D2B3F8} | Update for Microsoft Office 2010 (KB2553065) | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF} | Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B5489515-6DD4-47A5-AE4E-64751D15F10E} | Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F} | Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{C7681269-D74B-4AFC-8623-231DD9E66259} | Security Update for Microsoft Visio 2010 (KB2760762) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{CC39BA1F-7A25-440C-86A7-77E35D8CC88C} | Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{CCC48FE2-175F-4CDE-82DF-F7BC4672C1A3} | Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{D267D0F7-9770-467D-ACF3-FB2F7E0AC532} | Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DCE6D0BF-93E4-46C5-9A7C-F1EFF9707C02} | Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6} | Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFB525A0-E1C0-4E32-9968-FE401BC87363} | Update for Microsoft Office 2010 (KB2566458) | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F0CF1EB7-3E57-4F85-843F-B3C79088510D} | Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1CBE095-403D-466D-BB13-B185A5F33231} | Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F8243081-3FB0-4EE8-9B2A-6F7D70AF5269} | Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition | Not Found |
| {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{FDCB9E3E-FA40-40E9-AFF4-73BDE8E52205} | Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition | Not Found |
| {90140000-0015-0409-0000-0000000FF1CE} | Microsoft Office Access MUI (English) 2010 | 14.0.6029.1000 |
| {90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found |
| {90140000-0016-0409-0000-0000000FF1CE} | Microsoft Office Excel MUI (English) 2010 | 14.0.6029.1000 |
| {90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found |
| {90140000-0018-0409-0000-0000000FF1CE} | Microsoft Office PowerPoint MUI (English) 2010 | 14.0.6029.1000 |
| {90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found |
| {90140000-0019-0409-0000-0000000FF1CE} | Microsoft Office Publisher MUI (English) 2010 | 14.0.6029.1000 |
| {90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found |
| {90140000-001A-0409-0000-0000000FF1CE} | Microsoft Office Outlook MUI (English) 2010 | 14.0.6029.1000 |
| {90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110} | Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition | Not Found |
| {90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{47894754-0FEC-4920-9A65-6C1E732587AC} | Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition | Not Found |
| {90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found |
| {90140000-001B-0409-0000-0000000FF1CE} | Microsoft Office Word MUI (English) 2010 | 14.0.6029.1000 |
| {90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found |
| {90140000-001F-0409-0000-0000000FF1CE} | Microsoft Office Proof (English) 2010 | 14.0.6029.1000 |
| {90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found |
| {90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C4F26A9B-B121-4135-8084-A0D9C780C7C8} | Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition | Not Found |
| {90140000-001F-040C-0000-0000000FF1CE} | Microsoft Office Proof (French) 2010 | 14.0.6029.1000 |
| {90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{460FF681-BC66-4C38-99DF-7012E03F1EBA} | Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition | Not Found |
| {90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found |
| {90140000-001F-0C0A-0000-0000000FF1CE} | Microsoft Office Proof (Spanish) 2010 | 14.0.6029.1000 |
| {90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{C633216E-FF30-45B6-B2AB-21922A9353EF} | Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition | Not Found |
| {90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found |
| {90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1CBEDB37-C438-473F-8BA0-2535B0D237E2} | Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition | Not Found |
| {90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{280E2D43-11CC-4ADE-A171-9286CCB5412B} | Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition | Not Found |
| {90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936} | Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition | Not Found |
| {90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found |
| {90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F0CF1EB7-3E57-4F85-843F-B3C79088510D} | Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition | Not Found |
| {90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found |
| {90140000-002C-0409-0000-0000000FF1CE} | Microsoft Office Proofing (English) 2010 | 14.0.6029.1000 |
| {90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found |
| {90140000-0044-0409-0000-0000000FF1CE} | Microsoft Office InfoPath MUI (English) 2010 | 14.0.6029.1000 |
| {90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found |
| {90140000-006E-0409-0000-0000000FF1CE} | Microsoft Office Shared MUI (English) 2010 | 14.0.6029.1000 |
| {90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found |
| {90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{73E67A3A-8D61-44EF-90C2-1697C3DBE668} | Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition | Not Found |
| {90140000-00A1-0409-0000-0000000FF1CE} | Microsoft Office OneNote MUI (English) 2010 | 14.0.6029.1000 |
| {90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found |
| {90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{9865DC3A-2898-48D9-B96A-46397571C934} | Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition | Not Found |
| {90140000-00BA-0409-0000-0000000FF1CE} | Microsoft Office Groove MUI (English) 2010 | 14.0.6029.1000 |
| {90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found |
| {90140000-0115-0409-0000-0000000FF1CE} | Microsoft Office Shared Setup Metadata MUI (English) 2010 | 14.0.6029.1000 |
| {90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found |
| {90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found |
| {90140000-0117-0409-0000-0000000FF1CE} | Microsoft Office Access Setup Metadata MUI (English) 2010 | 14.0.6029.1000 |
| {90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found |
| {9BE518E6-ECC6-35A9-88E4-87755C07200F} | Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 | 9.0.30729.6161 |
| {bcd538f9-31bf-4730-920a-066a6f7fb10d} | SAS 9.3 | Not Found |
| {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 | 10.0.40219 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871 | Update for Microsoft .NET Framework 4 Client Profile (KB2468871) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523 | Update for Microsoft .NET Framework 4 Client Profile (KB2533523) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217 | Update for Microsoft .NET Framework 4 Client Profile (KB2600217) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368v2 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) | 2 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2686827 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2729449 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2736428 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2737019 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2742595 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2789642 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) | 1 |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Real Name of Built-in Guest Account Enumerated |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Assign Primary Token Privilege |
| Network_Service |
| Local_Service |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Audit Privilege |
| Network_Service |
| Local_Service |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Backup Files and Directories |
| Administrators |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Change Notify |
| Administrators |
| Network_Service |
| Local_Service |
| Authenticated_Users |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Create Global Objects |
| Service_Logon |
| Administrators |
| Network_Service |
| Local_Service |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Create Page File |
| Administrators |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Delegation |
| Administrators |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Impersonate |
| Service_Logon |
| Administrators |
| Network_Service |
| Local_Service |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Increase Base Priority |
| Administrators |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Increase Quota |
| Administrators |
| Network_Service |
| Local_Service |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Load Drivers |
| Administrators |
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Users With Privilege - Profile Single Process | |
| Administrators |
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Users With Privilege - Remote Shutdown | |
| Administrators |
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Users With Privilege - Restore | |
| Administrators |
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Users With Privilege - Change Security Attributes | |
| Administrators |
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Users With Privilege - Shutdown | |
| Administrators |
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Users With Privilege - Manage Volumes | |
| Administrators |
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Users With Privileges - Profile System | |
| Administrators |
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Users With Privileges - Modify System Time | |
| Administrators |
| Local_Service |
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Users With Privileges - Take Object Ownership | |
| Administrators |
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Users With Privilege - Undock Privilege | |
| Administrators |
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Users With Rights - Logon as a Batch | |
| Administrators |
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Users With Rights - Interactive Logon | |
| Users |
| Administrators |
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Users With Rights - Network Logon | |
| Administrators |
| Authenticated_Users |
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Users With Rights - Logon as a Service | |
| ALL SERVICES |
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Users With Rights Denied - Logon as a Batch | |
| Guests |
| Domain_Admins_Group |
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Users With Rights Denied - Interactive Logon | |
| Guests |
| Domain_Admins_Group |
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Users With Rights Denied - Network Logon | |
| Guests |
| Domain_Admins_Group |
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Users With Rights Denied - Logon as a Service | |
| Guests |
| Domain_Admins_Group |
| Severity | Title | Port/Service |
| 2 | Windows Auto Reboot After Blue Screen Not Disabled | |
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Win32 Services Security Analysis | |
| Name | Access | ACL1 | ACL2 | ACL3 |
| AeLookupSvc | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| AeLookupSvc | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| AeLookupSvc | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| AeLookupSvc | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| AeLookupSvc | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| AeLookupSvc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| AeLookupSvc | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| AeLookupSvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| AeLookupSvc | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| AeLookupSvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| AeLookupSvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| AudioEndpointBuilder | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| AudioEndpointBuilder | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| AudioEndpointBuilder | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| AudioEndpointBuilder | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| AudioEndpointBuilder | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| AudioEndpointBuilder | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| AudioEndpointBuilder | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| AudioEndpointBuilder | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| AudioEndpointBuilder | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| AudioEndpointBuilder | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| AudioEndpointBuilder | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| AudioSrv | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| AudioSrv | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| AudioSrv | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| AudioSrv | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| AudioSrv | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| AudioSrv | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| AudioSrv | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| AudioSrv | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| AudioSrv | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| AudioSrv | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| AudioSrv | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| BFE | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| BFE | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| BFE | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| BFE | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| BFE | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| BFE | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| BFE | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| BFE | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| BFE | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| BFE | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| BFE | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| BITS | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac |
| BITS | Access Allowed for Local System | standard-delete | query-service-config | change-service-config |
| BITS | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service |
| BITS | Access Allowed for Local System | stop-service | pause-continue-service | - |
| BITS | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| BITS | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| BITS | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| BITS | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| BITS | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| BITS | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| BITS | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| BITS | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| ccEvtMgr | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| ccEvtMgr | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| ccEvtMgr | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| ccEvtMgr | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| ccEvtMgr | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| ccEvtMgr | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| ccEvtMgr | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| ccEvtMgr | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| ccEvtMgr | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| ccEvtMgr | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| ccEvtMgr | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| ccSetMgr | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| ccSetMgr | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| ccSetMgr | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| ccSetMgr | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| ccSetMgr | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| ccSetMgr | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| ccSetMgr | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| ccSetMgr | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| ccSetMgr | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| ccSetMgr | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| ccSetMgr | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| CertPropSvc | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac |
| CertPropSvc | Access Allowed for Local System | standard-delete | query-service-config | change-service-config |
| CertPropSvc | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service |
| CertPropSvc | Access Allowed for Local System | stop-service | pause-continue-service | - |
| CertPropSvc | Access Allowed for Administrators | standard-read | query-service-config | change-service-config |
| CertPropSvc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| CertPropSvc | Access Allowed for Administrators | stop-service | pause-continue-service | nterrogate-service |
| CertPropSvc | Access Allowed for Administrators | service-user-defined-control | - | - |
| CertPropSvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| CertPropSvc | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| CertPropSvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| CertPropSvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| CertPropSvc | Access Allowed for S-1-5-80-446051430-1559341753-4161941529-1950928533-810483104 | start-service | stop-service | - |
| CryptSvc | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| CryptSvc | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| CryptSvc | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| CryptSvc | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| CryptSvc | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| CryptSvc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| CryptSvc | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| CryptSvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| CryptSvc | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| CryptSvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| CryptSvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| DcomLaunch | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status |
| DcomLaunch | Access Allowed for Authenticated Users | nterrogate-service | - | - |
| DcomLaunch | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac |
| DcomLaunch | Access Allowed for Local System | query-service-config | change-service-config | query-service-status |
| DcomLaunch | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| DcomLaunch | Access Allowed for Local System | pause-continue-service | nterrogate-service | - |
| DcomLaunch | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| DcomLaunch | Access Allowed for Administrators | query-service-config | query-service-status | enumerate-service-dependents |
| DcomLaunch | Access Allowed for Administrators | start-service | stop-service | pause-continue-service |
| DcomLaunch | Access Allowed for Administrators | nterrogate-service | - | - |
| DcomLaunch | Access Allowed for Users | query-service-config | query-service-status | nterrogate-service |
| Dhcp | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status |
| Dhcp | Access Allowed for Authenticated Users | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Dhcp | Access Allowed for Network Configuration Operators | standard-read | query-service-config | query-service-status |
| Dhcp | Access Allowed for Network Configuration Operators | enumerate-service-dependents | start-service | stop-service |
| Dhcp | Access Allowed for Network Configuration Operators | pause-continue-service | nterrogate-service | service-user-defined-control |
| Dhcp | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| Dhcp | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| Dhcp | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| Dhcp | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| Dhcp | Access Allowed for Local | standard-read | query-service-config | query-service-status |
| Dhcp | Access Allowed for Local | enumerate-service-dependents | start-service | nterrogate-service |
| Dhcp | Access Allowed for Local | service-user-defined-control | - | - |
| Dhcp | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| Dhcp | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| Dhcp | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| Dnscache | Access Allowed for Users | standard-read | query-service-config | query-service-status |
| Dnscache | Access Allowed for Users | enumerate-service-dependents | start-service | nterrogate-service |
| Dnscache | Access Allowed for Users | service-user-defined-control | - | - |
| Dnscache | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| Dnscache | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| Dnscache | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| Dnscache | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| Dnscache | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| Dnscache | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| Dnscache | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| Dnscache | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| Dnscache | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Dnscache | Access Allowed for Network Service | standard-read | query-service-config | query-service-status |
| Dnscache | Access Allowed for Network Service | enumerate-service-dependents | nterrogate-service | - |
| Dnscache | Access Allowed for Local Service | standard-read | query-service-config | query-service-status |
| Dnscache | Access Allowed for Local Service | enumerate-service-dependents | nterrogate-service | - |
| Dnscache | Access Allowed for Network Configuration Operators | standard-read | query-service-config | query-service-status |
| Dnscache | Access Allowed for Network Configuration Operators | enumerate-service-dependents | pause-continue-service | nterrogate-service |
| Dnscache | Access Allowed for S-1-5-80-2940520708-3855866260-481812779-327648279-1710889582 | standard-read | query-service-config | query-service-status |
| Dnscache | Access Allowed for S-1-5-80-2940520708-3855866260-481812779-327648279-1710889582 | enumerate-service-dependents | pause-continue-service | nterrogate-service |
| Dnscache | Access Allowed for S-1-5-80-2940520708-3855866260-481812779-327648279-1710889582 | service-user-defined-control | - | - |
| DPS | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac |
| DPS | Access Allowed for Local System | standard-delete | query-service-config | change-service-config |
| DPS | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service |
| DPS | Access Allowed for Local System | stop-service | pause-continue-service | - |
| DPS | Access Allowed for Administrators | standard-read | query-service-config | change-service-config |
| DPS | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| DPS | Access Allowed for Administrators | stop-service | pause-continue-service | nterrogate-service |
| DPS | Access Allowed for Administrators | service-user-defined-control | - | - |
| DPS | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| DPS | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| DPS | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| DPS | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| eventlog | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status |
| eventlog | Access Allowed for Authenticated Users | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| eventlog | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| eventlog | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| eventlog | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| eventlog | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| eventlog | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| eventlog | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| eventlog | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| EventSystem | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| EventSystem | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| EventSystem | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| EventSystem | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| EventSystem | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| EventSystem | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| EventSystem | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| EventSystem | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| EventSystem | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| EventSystem | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| EventSystem | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| FontCache | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| FontCache | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| FontCache | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| FontCache | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| FontCache | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| FontCache | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| FontCache | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| FontCache | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| FontCache | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| FontCache | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| FontCache | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| FontCache | Access Allowed for Interactive Logon | start-service | - | - |
| FontCache | Access Allowed for Service Logon | start-service | - | - |
| FontCache | Access Allowed for S-1-15-2-1 | standard-read | query-service-config | query-service-status |
| FontCache | Access Allowed for S-1-15-2-1 | enumerate-service-dependents | start-service | nterrogate-service |
| FontCache | Access Allowed for S-1-15-2-1 | service-user-defined-control | - | - |
| gpsvc | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac |
| gpsvc | Access Allowed for Local System | standard-delete | query-service-config | change-service-config |
| gpsvc | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service |
| gpsvc | Access Allowed for Local System | stop-service | pause-continue-service | - |
| gpsvc | Access Allowed for Administrators | standard-read | query-service-config | query-service-status |
| gpsvc | Access Allowed for Administrators | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| gpsvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| gpsvc | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| gpsvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| gpsvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| IKEEXT | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| IKEEXT | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| IKEEXT | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| IKEEXT | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| IKEEXT | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| IKEEXT | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| IKEEXT | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| IKEEXT | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| IKEEXT | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| IKEEXT | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| IKEEXT | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| iphlpsvc | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| iphlpsvc | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| iphlpsvc | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| iphlpsvc | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| iphlpsvc | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| iphlpsvc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| iphlpsvc | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| iphlpsvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| iphlpsvc | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| iphlpsvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| iphlpsvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| LanmanServer | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| LanmanServer | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| LanmanServer | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| LanmanServer | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| LanmanServer | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| LanmanServer | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| LanmanServer | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| LanmanServer | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| LanmanServer | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| LanmanServer | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| LanmanServer | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| LanmanWorkstation | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| LanmanWorkstation | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| LanmanWorkstation | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| LanmanWorkstation | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| LanmanWorkstation | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| LanmanWorkstation | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| LanmanWorkstation | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| LanmanWorkstation | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| LanmanWorkstation | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| LanmanWorkstation | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| LanmanWorkstation | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| lmhosts | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| lmhosts | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| lmhosts | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| lmhosts | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| lmhosts | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| lmhosts | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| lmhosts | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| lmhosts | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| lmhosts | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| lmhosts | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| lmhosts | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| MMCSS | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| MMCSS | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| MMCSS | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| MMCSS | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| MMCSS | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| MMCSS | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| MMCSS | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| MMCSS | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| MMCSS | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| MMCSS | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| MMCSS | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| MMCSS | Access Allowed for Users | start-service | - | - |
| MpsSvc | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| MpsSvc | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| MpsSvc | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| MpsSvc | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| MpsSvc | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| MpsSvc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| MpsSvc | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| MpsSvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| MpsSvc | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| MpsSvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| MpsSvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| MpsSvc | Access Allowed for S-1-5-80-2006800713-1441093265-249754844-3404434343-1444102779 | query-service-config | query-service-status | start-service |
| MSDTC | Access Allowed for Local | standard-read | query-service-config | query-service-status |
| MSDTC | Access Allowed for Local | enumerate-service-dependents | start-service | nterrogate-service |
| MSDTC | Access Allowed for Local System | standard-read | query-service-config | change-service-config |
| MSDTC | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service |
| MSDTC | Access Allowed for Local System | stop-service | pause-continue-service | nterrogate-service |
| MSDTC | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| MSDTC | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| MSDTC | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| MSDTC | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| MSDTC | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| MSDTC | Access Allowed for Interactive Logon | enumerate-service-dependents | start-service | nterrogate-service |
| MSDTC | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status |
| MSDTC | Access Allowed for Authenticated Users | enumerate-service-dependents | nterrogate-service | - |
| MSDTC | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| MSDTC | Access Allowed for Service Logon | enumerate-service-dependents | start-service | nterrogate-service |
| MSDTC | Access Allowed for S-1-5-80-3960419045-2460139048-4046793004-1809597027-2250574426 | standard-read | query-service-config | query-service-status |
| MSDTC | Access Allowed for S-1-5-80-3960419045-2460139048-4046793004-1809597027-2250574426 | enumerate-service-dependents | nterrogate-service | - |
| Netlogon | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| Netlogon | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| Netlogon | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| Netlogon | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| Netlogon | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| Netlogon | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| Netlogon | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| Netlogon | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| Netlogon | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Netlogon | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| Netlogon | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Netman | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| Netman | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| Netman | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| Netman | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| Netman | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| Netman | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| Netman | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| Netman | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| Netman | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Netman | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| Netman | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| netprofm | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| netprofm | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| netprofm | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| netprofm | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| netprofm | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| netprofm | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| netprofm | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| netprofm | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| netprofm | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| netprofm | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| netprofm | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| NlaSvc | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| NlaSvc | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| NlaSvc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| NlaSvc | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| NlaSvc | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac |
| NlaSvc | Access Allowed for Local System | standard-delete | query-service-config | change-service-config |
| NlaSvc | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service |
| NlaSvc | Access Allowed for Local System | stop-service | pause-continue-service | - |
| NlaSvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| NlaSvc | Access Allowed for Interactive Logon | enumerate-service-dependents | start-service | nterrogate-service |
| NlaSvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| NlaSvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| NlaSvc | Access Allowed for S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453 | standard-read | query-service-config | query-service-status |
| NlaSvc | Access Allowed for S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453 | enumerate-service-dependents | start-service | - |
| nsi | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| nsi | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| nsi | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| nsi | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| nsi | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| nsi | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| nsi | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| nsi | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| nsi | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| nsi | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| nsi | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| osppsvc | Access Allowed for Network Service | query-service-config | query-service-status | enumerate-service-dependents |
| osppsvc | Access Allowed for Network Service | start-service | nterrogate-service | - |
| osppsvc | Access Allowed for Interactive Logon | query-service-config | query-service-status | enumerate-service-dependents |
| osppsvc | Access Allowed for Interactive Logon | start-service | nterrogate-service | - |
| osppsvc | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| osppsvc | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| osppsvc | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| osppsvc | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| osppsvc | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| osppsvc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| osppsvc | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| osppsvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| osppsvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| PlugPlay | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| PlugPlay | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| PlugPlay | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| PlugPlay | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| PlugPlay | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| PlugPlay | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| PlugPlay | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| PlugPlay | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| PlugPlay | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| PlugPlay | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| PlugPlay | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| PolicyAgent | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| PolicyAgent | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| PolicyAgent | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| PolicyAgent | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| PolicyAgent | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| PolicyAgent | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| PolicyAgent | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| PolicyAgent | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| PolicyAgent | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| PolicyAgent | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| PolicyAgent | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Power | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| Power | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| Power | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| Power | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| Power | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| Power | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| Power | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| Power | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| Power | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Power | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| Power | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| ProfSvc | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| ProfSvc | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| ProfSvc | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| ProfSvc | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| ProfSvc | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| ProfSvc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| ProfSvc | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| ProfSvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| ProfSvc | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| ProfSvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| ProfSvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| ProtectedStorage | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| ProtectedStorage | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| ProtectedStorage | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| ProtectedStorage | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| ProtectedStorage | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| ProtectedStorage | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| ProtectedStorage | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| ProtectedStorage | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| ProtectedStorage | Access Allowed for Interactive Logon | enumerate-service-dependents | start-service | nterrogate-service |
| ProtectedStorage | Access Allowed for Interactive Logon | service-user-defined-control | - | - |
| ProtectedStorage | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| ProtectedStorage | Access Allowed for Service Logon | enumerate-service-dependents | start-service | nterrogate-service |
| ProtectedStorage | Access Allowed for Service Logon | service-user-defined-control | - | - |
| ProtectedStorage | Access Allowed for Authenticated Users | service-user-defined-control | - | - |
| RasMan | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status |
| RasMan | Access Allowed for Authenticated Users | enumerate-service-dependents | start-service | nterrogate-service |
| RasMan | Access Allowed for Authenticated Users | service-user-defined-control | - | - |
| RasMan | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| RasMan | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| RasMan | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| RasMan | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| RemoteRegistry | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| RemoteRegistry | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| RemoteRegistry | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| RemoteRegistry | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| RemoteRegistry | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| RemoteRegistry | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| RemoteRegistry | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| RemoteRegistry | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| RemoteRegistry | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| RemoteRegistry | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| RemoteRegistry | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| RpcEptMapper | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status |
| RpcEptMapper | Access Allowed for Authenticated Users | nterrogate-service | - | - |
| RpcEptMapper | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac |
| RpcEptMapper | Access Allowed for Local System | query-service-config | change-service-config | query-service-status |
| RpcEptMapper | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| RpcEptMapper | Access Allowed for Local System | pause-continue-service | nterrogate-service | - |
| RpcEptMapper | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| RpcEptMapper | Access Allowed for Administrators | query-service-config | query-service-status | enumerate-service-dependents |
| RpcEptMapper | Access Allowed for Administrators | start-service | stop-service | pause-continue-service |
| RpcEptMapper | Access Allowed for Administrators | nterrogate-service | - | - |
| RpcEptMapper | Access Allowed for Users | query-service-config | query-service-status | start-service |
| RpcEptMapper | Access Allowed for Users | nterrogate-service | - | - |
| RpcSs | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status |
| RpcSs | Access Allowed for Authenticated Users | nterrogate-service | - | - |
| RpcSs | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac |
| RpcSs | Access Allowed for Local System | query-service-config | change-service-config | query-service-status |
| RpcSs | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| RpcSs | Access Allowed for Local System | pause-continue-service | nterrogate-service | - |
| RpcSs | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| RpcSs | Access Allowed for Administrators | query-service-config | query-service-status | enumerate-service-dependents |
| RpcSs | Access Allowed for Administrators | start-service | stop-service | pause-continue-service |
| RpcSs | Access Allowed for Administrators | nterrogate-service | - | - |
| RpcSs | Access Allowed for Users | query-service-config | query-service-status | nterrogate-service |
| SamSs | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status |
| SamSs | Access Allowed for Authenticated Users | enumerate-service-dependents | nterrogate-service | - |
| SamSs | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| SamSs | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| SamSs | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| SamSs | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| SamSs | Access Allowed for Interactive Logon | query-service-config | query-service-status | enumerate-service-dependents |
| SamSs | Access Allowed for Interactive Logon | nterrogate-service | - | - |
| SamSs | Access Allowed for Users | query-service-config | query-service-status | enumerate-service-dependents |
| SamSs | Access Allowed for Users | nterrogate-service | - | - |
| Schedule | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status |
| Schedule | Access Allowed for Authenticated Users | enumerate-service-dependents | nterrogate-service | - |
| Schedule | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| Schedule | Access Allowed for Administrators | query-service-config | query-service-status | enumerate-service-dependents |
| Schedule | Access Allowed for Administrators | start-service | pause-continue-service | nterrogate-service |
| Schedule | Access Allowed for Administrators | service-user-defined-control | - | - |
| Schedule | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac |
| Schedule | Access Allowed for Local System | standard-delete | query-service-config | change-service-config |
| Schedule | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service |
| Schedule | Access Allowed for Local System | stop-service | pause-continue-service | - |
| Schedule | Access Allowed for Users | standard-read | query-service-config | query-service-status |
| Schedule | Access Allowed for Users | enumerate-service-dependents | nterrogate-service | - |
| SENS | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status |
| SENS | Access Allowed for Authenticated Users | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| SENS | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| SENS | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| SENS | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| SENS | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| SENS | Access Allowed for System Operators | standard-read | standard-write-owner | standard-write-dac |
| SENS | Access Allowed for System Operators | standard-delete | query-service-config | change-service-config |
| SENS | Access Allowed for System Operators | query-service-status | enumerate-service-dependents | start-service |
| SENS | Access Allowed for System Operators | stop-service | pause-continue-service | - |
| SENS | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| SENS | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| SENS | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| SessionEnv | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| SessionEnv | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| SessionEnv | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| SessionEnv | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| SessionEnv | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
Results were truncated.

| Severity | Title | Port/Service |
| 2 | Microsoft Windows Driver Security Analysis | |

| Name | Access | ACL1 | ACL2 | ACL3 |
| ACPI | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| ACPI | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| ACPI | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| ACPI | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| ACPI | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| ACPI | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| ACPI | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| ACPI | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| ACPI | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| ACPI | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| ACPI | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| AFD | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| AFD | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| AFD | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| AFD | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| AFD | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| AFD | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| AFD | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| AFD | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| AFD | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| AFD | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| AFD | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| amdxata | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| amdxata | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| amdxata | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| amdxata | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| amdxata | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| amdxata | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| amdxata | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| amdxata | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| amdxata | Access Allowed for Interactive Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| amdxata | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| amdxata | Access Allowed for Service Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| AsyncMac | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| AsyncMac | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| AsyncMac | Access Allowed for Local System | pause-continue-service | interrogate-service | service-user-defined-control |
| AsyncMac | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| AsyncMac | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| AsyncMac | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| AsyncMac | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| AsyncMac | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| AsyncMac | Access Allowed for Interactive Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| AsyncMac | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| AsyncMac | Access Allowed for Service Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| atapi | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| atapi | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| atapi | Access Allowed for Local System | pause-continue-service | interrogate-service | service-user-defined-control |
| atapi | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| atapi | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| atapi | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| atapi | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| atapi | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| atapi | Access Allowed for Interactive Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| atapi | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| atapi | Access Allowed for Service Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| blbdrive | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| blbdrive | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| blbdrive | Access Allowed for Local System | pause-continue-service | interrogate-service | service-user-defined-control |
| blbdrive | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| blbdrive | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| blbdrive | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| blbdrive | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| blbdrive | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| blbdrive | Access Allowed for Interactive Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| blbdrive | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| blbdrive | Access Allowed for Service Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| bowser | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| bowser | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| bowser | Access Allowed for Local System | pause-continue-service | interrogate-service | service-user-defined-control |
| bowser | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| bowser | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| bowser | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| bowser | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| bowser | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| bowser | Access Allowed for Interactive Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| bowser | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| bowser | Access Allowed for Service Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| cdrom | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| cdrom | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| cdrom | Access Allowed for Local System | pause-continue-service | interrogate-service | service-user-defined-control |
| cdrom | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| cdrom | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| cdrom | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| cdrom | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| cdrom | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| cdrom | Access Allowed for Interactive Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| cdrom | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| cdrom | Access Allowed for Service Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| CLFS | Access Allowed for S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 | standard-read | standard-write-owner | standard-write-dac |
| CLFS | Access Allowed for S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 | standard-delete | query-service-config | change-service-config |
| CLFS | Access Allowed for S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 | query-service-status | enumerate-service-dependents | start-service |
| CLFS | Access Allowed for S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 | stop-service | pause-continue-service | - |
| CLFS | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| CLFS | Access Allowed for Local System | enumerate-service-dependents | interrogate-service | - |
| CLFS | Access Allowed for Administrators | standard-read | query-service-config | query-service-status |
| CLFS | Access Allowed for Administrators | enumerate-service-dependents | interrogate-service | - |
| CLFS | Access Allowed for Users | standard-read | query-service-config | query-service-status |
| CLFS | Access Allowed for Users | enumerate-service-dependents | interrogate-service | - |
| CNG | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| CNG | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| CNG | Access Allowed for Local System | pause-continue-service | interrogate-service | service-user-defined-control |
| CNG | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| CNG | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| CNG | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| CNG | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| CNG | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| CNG | Access Allowed for Interactive Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| CNG | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| CNG | Access Allowed for Service Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| CompositeBus | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| CompositeBus | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| CompositeBus | Access Allowed for Local System | pause-continue-service | interrogate-service | service-user-defined-control |
| CompositeBus | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| CompositeBus | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| CompositeBus | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| CompositeBus | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| CompositeBus | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| CompositeBus | Access Allowed for Interactive Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| CompositeBus | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| CompositeBus | Access Allowed for Service Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| ctxusbm | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| ctxusbm | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| ctxusbm | Access Allowed for Local System | pause-continue-service | interrogate-service | service-user-defined-control |
| ctxusbm | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| ctxusbm | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| ctxusbm | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| ctxusbm | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| ctxusbm | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| ctxusbm | Access Allowed for Interactive Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| ctxusbm | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| ctxusbm | Access Allowed for Service Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| DfsC | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| DfsC | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| DfsC | Access Allowed for Local System | pause-continue-service | interrogate-service | service-user-defined-control |
| DfsC | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| DfsC | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| DfsC | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| DfsC | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| DfsC | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| DfsC | Access Allowed for Interactive Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| DfsC | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| DfsC | Access Allowed for Service Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| discache | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| discache | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| discache | Access Allowed for Local System | pause-continue-service | interrogate-service | service-user-defined-control |
| discache | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| discache | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| discache | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| discache | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| discache | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| discache | Access Allowed for Interactive Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| discache | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| discache | Access Allowed for Service Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| Disk | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| Disk | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| Disk | Access Allowed for Local System | pause-continue-service | interrogate-service | service-user-defined-control |
| Disk | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| Disk | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| Disk | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| Disk | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| Disk | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| Disk | Access Allowed for Interactive Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| Disk | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| Disk | Access Allowed for Service Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| dmvsc | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| dmvsc | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| dmvsc | Access Allowed for Local System | pause-continue-service | interrogate-service | service-user-defined-control |
| dmvsc | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| dmvsc | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| dmvsc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| dmvsc | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| dmvsc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| dmvsc | Access Allowed for Interactive Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| dmvsc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| dmvsc | Access Allowed for Service Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| DpmFilter | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| DpmFilter | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| DpmFilter | Access Allowed for Local System | pause-continue-service | interrogate-service | service-user-defined-control |
| DpmFilter | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| DpmFilter | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| DpmFilter | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| DpmFilter | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| DpmFilter | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| DpmFilter | Access Allowed for Interactive Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| DpmFilter | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| DpmFilter | Access Allowed for Service Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| eeCtrl | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| eeCtrl | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| eeCtrl | Access Allowed for Local System | pause-continue-service | interrogate-service | service-user-defined-control |
| eeCtrl | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| eeCtrl | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| eeCtrl | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| eeCtrl | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| eeCtrl | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| eeCtrl | Access Allowed for Interactive Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| eeCtrl | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| eeCtrl | Access Allowed for Service Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| EraserUtilRebootDrv | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| EraserUtilRebootDrv | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| EraserUtilRebootDrv | Access Allowed for Local System | pause-continue-service | interrogate-service | service-user-defined-control |
| EraserUtilRebootDrv | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| EraserUtilRebootDrv | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| EraserUtilRebootDrv | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| EraserUtilRebootDrv | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| EraserUtilRebootDrv | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| EraserUtilRebootDrv | Access Allowed for Interactive Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| EraserUtilRebootDrv | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| EraserUtilRebootDrv | Access Allowed for Service Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| fdc | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| fdc | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| fdc | Access Allowed for Local System | pause-continue-service | interrogate-service | service-user-defined-control |
| fdc | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| fdc | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| fdc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| fdc | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| fdc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| fdc | Access Allowed for Interactive Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| fdc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| fdc | Access Allowed for Service Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| flpydisk | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| flpydisk | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| flpydisk | Access Allowed for Local System | pause-continue-service | interrogate-service | service-user-defined-control |
| flpydisk | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| flpydisk | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| flpydisk | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| flpydisk | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| flpydisk | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| flpydisk | Access Allowed for Interactive Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| flpydisk | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| flpydisk | Access Allowed for Service Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| FltMgr | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| FltMgr | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| FltMgr | Access Allowed for Local System | pause-continue-service | interrogate-service | service-user-defined-control |
| FltMgr | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| FltMgr | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| FltMgr | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| FltMgr | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| FltMgr | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| FltMgr | Access Allowed for Interactive Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| FltMgr | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| FltMgr | Access Allowed for Service Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| HTTP | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac |
| HTTP | Access Allowed for Local System | standard-delete | query-service-config | change-service-config |
| HTTP | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service |
| HTTP | Access Allowed for Local System | stop-service | pause-continue-service | - |
| HTTP | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| HTTP | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| HTTP | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| HTTP | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| HTTP | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| HTTP | Access Allowed for Interactive Logon | enumerate-service-dependents | start-service | interrogate-service |
| HTTP | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| HTTP | Access Allowed for Service Logon | enumerate-service-dependents | start-service | interrogate-service |
| HTTP | Access Allowed for Batch Logon | standard-read | query-service-config | query-service-status |
| HTTP | Access Allowed for Batch Logon | enumerate-service-dependents | start-service | interrogate-service |
| hwpolicy | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| hwpolicy | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| hwpolicy | Access Allowed for Local System | pause-continue-service | interrogate-service | service-user-defined-control |
| hwpolicy | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| hwpolicy | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| hwpolicy | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| hwpolicy | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| hwpolicy | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| hwpolicy | Access Allowed for Interactive Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| hwpolicy | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| hwpolicy | Access Allowed for Service Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| i8042prt | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| i8042prt | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| i8042prt | Access Allowed for Local System | pause-continue-service | interrogate-service | service-user-defined-control |
| i8042prt | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| i8042prt | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| i8042prt | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| i8042prt | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| i8042prt | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| i8042prt | Access Allowed for Interactive Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| i8042prt | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| i8042prt | Access Allowed for Service Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| intelide | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| intelide | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| intelide | Access Allowed for Local System | pause-continue-service | interrogate-service | service-user-defined-control |
| intelide | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| intelide | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| intelide | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| intelide | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| intelide | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| intelide | Access Allowed for Interactive Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| intelide | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| intelide | Access Allowed for Service Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| intelppm | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| intelppm | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| intelppm | Access Allowed for Local System | pause-continue-service | interrogate-service | service-user-defined-control |
| intelppm | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| intelppm | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| intelppm | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| intelppm | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| intelppm | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| intelppm | Access Allowed for Interactive Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| intelppm | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| intelppm | Access Allowed for Service Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| kbdclass | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| kbdclass | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| kbdclass | Access Allowed for Local System | pause-continue-service | interrogate-service | service-user-defined-control |
| kbdclass | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| kbdclass | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| kbdclass | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| kbdclass | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| kbdclass | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| kbdclass | Access Allowed for Interactive Logon | enumerate-service-dependents | interrogate-service | service-user-defined-control |
| kbdclass | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| kbdclass | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| KSecDD | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| KSecDD | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| KSecDD | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| KSecDD | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| KSecDD | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| KSecDD | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| KSecDD | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| KSecDD | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| KSecDD | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| KSecDD | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| KSecDD | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| KSecPkg | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| KSecPkg | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| KSecPkg | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| KSecPkg | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| KSecPkg | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| KSecPkg | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| KSecPkg | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| KSecPkg | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| KSecPkg | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| KSecPkg | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| KSecPkg | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| lltdio | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| lltdio | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| lltdio | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| lltdio | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| lltdio | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| lltdio | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| lltdio | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| lltdio | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| lltdio | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| lltdio | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| lltdio | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| luafv | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| luafv | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| luafv | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| luafv | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| luafv | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| luafv | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| luafv | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| luafv | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| luafv | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| luafv | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| luafv | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mouclass | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| mouclass | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| mouclass | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| mouclass | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| mouclass | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| mouclass | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| mouclass | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| mouclass | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| mouclass | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mouclass | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| mouclass | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mouhid | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| mouhid | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| mouhid | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| mouhid | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| mouhid | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| mouhid | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| mouhid | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| mouhid | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| mouhid | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mouhid | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| mouhid | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mountmgr | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| mountmgr | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| mountmgr | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| mountmgr | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| mountmgr | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| mountmgr | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| mountmgr | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| mountmgr | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| mountmgr | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mountmgr | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| mountmgr | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mpsdrv | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| mpsdrv | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| mpsdrv | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| mpsdrv | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| mpsdrv | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| mpsdrv | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| mpsdrv | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| mpsdrv | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| mpsdrv | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mpsdrv | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| mpsdrv | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mrxsmb | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| mrxsmb | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| mrxsmb | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| mrxsmb | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| mrxsmb | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| mrxsmb | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| mrxsmb | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| mrxsmb | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| mrxsmb | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mrxsmb | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| mrxsmb | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mrxsmb10 | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| mrxsmb10 | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| mrxsmb10 | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| mrxsmb10 | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| mrxsmb10 | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| mrxsmb10 | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| mrxsmb10 | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| mrxsmb10 | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| mrxsmb10 | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mrxsmb10 | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| mrxsmb10 | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mrxsmb20 | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| mrxsmb20 | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| mrxsmb20 | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| mrxsmb20 | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| mrxsmb20 | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| mrxsmb20 | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| mrxsmb20 | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| mrxsmb20 | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| mrxsmb20 | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mrxsmb20 | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| mrxsmb20 | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Msfs | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| Msfs | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| Msfs | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| Msfs | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| Msfs | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| Msfs | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| Msfs | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| Msfs | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| Msfs | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Msfs | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| Msfs | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| msisadrv | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| msisadrv | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| msisadrv | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| msisadrv | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| msisadrv | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| msisadrv | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| msisadrv | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| msisadrv | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| msisadrv | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| msisadrv | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| msisadrv | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mssmbios | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| mssmbios | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| mssmbios | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| mssmbios | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| mssmbios | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| mssmbios | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| mssmbios | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| mssmbios | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| mssmbios | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mssmbios | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| mssmbios | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Mup | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| Mup | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| Mup | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| Mup | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| Mup | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| Mup | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| Mup | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| Mup | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| Mup | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Mup | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| Mup | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| NAVENG | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| NAVENG | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| NAVENG | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| NAVENG | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| NAVENG | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| NAVENG | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| NAVENG | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| NAVENG | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| NAVENG | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| NAVENG | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| NAVENG | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| NAVEX15 | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| NAVEX15 | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| NAVEX15 | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| NAVEX15 | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| NAVEX15 | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| NAVEX15 | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| NAVEX15 | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| NAVEX15 | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| NAVEX15 | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| NAVEX15 | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| NAVEX15 | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| NDIS | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| NDIS | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| NDIS | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| NDIS | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| NDIS | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| NDIS | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| NDIS | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| NDIS | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| NDIS | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| NDIS | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| NDIS | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| NdisTapi | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| NdisTapi | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| NdisTapi | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| NdisTapi | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| NdisTapi | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
Results were truncated.

| Severity | Title | Port/Service |
| 2 | Microsoft Windows Effective Permission on Shares Enumerated | |

| share | SHARE TYPE | ACE TYPE | NAME | PRIMARY GROUP | ACE1 | ACE2 | ACE3 | ADDITIONAL INFO |
| ADMIN$ | Hidden Directory | Access Allowed for Group | NT SERVICE\TrustedInstaller | NT SERVICE\TrustedInstaller | generic-all | standard-read | standard-write-owner | - |
| ADMIN$ | Hidden Directory | Access Allowed for Group | NT SERVICE\TrustedInstaller | NT SERVICE\TrustedInstaller | standard-write-dac | standard-delete | - | - |
| ADMIN$ | Hidden Directory | Access Allowed for Group | Local System | NT SERVICE\TrustedInstaller | generic-all | standard-read | standard-delete | - |
| ADMIN$ | Hidden Directory | Access Allowed for Group | Administrators | NT SERVICE\TrustedInstaller | generic-all | standard-read | standard-delete | - |
| ADMIN$ | Hidden Directory | Access Allowed for Group | Users | NT SERVICE\TrustedInstaller | generic-read | generic-execute | standard-read | - |
| ADMIN$ | Hidden Directory | Access Allowed for Group | Creator Owner | NT SERVICE\TrustedInstaller | generic-all | - | - | - |
| C$ | Hidden Directory | Access Allowed for Group | Local System | NT SERVICE\TrustedInstaller | standard-read | standard-write-owner | standard-write-dac | - |
| C$ | Hidden Directory | Access Allowed for Group | Local System | NT SERVICE\TrustedInstaller | standard-delete | - | - | - |
| C$ | Hidden Directory | Access Allowed for Group | Administrators | NT SERVICE\TrustedInstaller | standard-read | standard-write-owner | standard-write-dac | - |
| C$ | Hidden Directory | Access Allowed for Group | Administrators | NT SERVICE\TrustedInstaller | standard-delete | - | - | - |
| C$ | Hidden Directory | Access Allowed for Group | Users | NT SERVICE\TrustedInstaller | standard-read | - | - | - |
| C$ | Hidden Directory | Access Allowed for Group | Creator Owner | NT SERVICE\TrustedInstaller | generic-all | - | - | - |
| IPC$ | Hidden_IPC | No_Explicit_DACLS | - | - | - | - | - | Results_may_be_incomplete |
| MTATempStore$ | Directory | Access Allowed for Group | SOP-TS2\DPMRADCOMTrustedMachines | Local System | standard-read | standard-write-owner | standard-write-dac | - |
| MTATempStore$ | Directory | Access Allowed for Group | SOP-TS2\DPMRADCOMTrustedMachines | Local System | standard-delete | - | - | - |
| MTATempStore$ | Directory | Access Allowed for Group | Administrators | Local System | standard-read | standard-write-owner | standard-write-dac | - |
| MTATempStore$ | Directory | Access Allowed for Group | Administrators | Local System | standard-delete | - | - | - |
| MTATempStore$ | Directory | Access Allowed for Group | Local System | Local System | standard-read | standard-write-owner | standard-write-dac | - |
| MTATempStore$ | Directory | Access Allowed for Group | Local System | Local System | standard-delete | - | - | - |
| MTATempStore$ | Directory | Access Allowed for Group | Users | Local System | generic-write | standard-read | - | - |

| Severity | Title | Port/Service |
| 2 | Microsoft Windows Hardening - Service Configuration | |

Turning off non-essential services is an important step in hardening a Windows system.
| Name | Starttype | AccountName |
| Application Experience | Manual | localSystem |
| Application Layer Gateway Service | Manual | NT AUTHORITY\LocalService |
| Application Identity | Manual | NT Authority\LocalService |
| Application Information | Manual | LocalSystem |
| Application Management | Manual | LocalSystem |
| ASP.NET State Service | Manual | NT AUTHORITY\NetworkService |
| Windows Audio Endpoint Builder | Manual | LocalSystem |
| Windows Audio | Automatic | NT AUTHORITY\LocalService |
| Base Filtering Engine | Automatic | NT AUTHORITY\LocalService |
| Background Intelligent Transfer Service | Manual | LocalSystem |
| Computer Browser | Disabled | LocalSystem |
| Symantec Event Manager | Automatic | LocalSystem |
| Symantec Settings Manager | Automatic | LocalSystem |
| Certificate Propagation | Manual | LocalSystem |
| Microsoft .NET Framework NGEN v2.0.50727 X86 | Disabled | LocalSystem |
| Microsoft .NET Framework NGEN v2.0.50727 X64 | Disabled | LocalSystem |
| Microsoft .NET Framework NGEN v4.0.30319 X86 | Automatic | LocalSystem |
| Microsoft .NET Framework NGEN v4.0.30319 X64 | Automatic | LocalSystem |
| COM+ System Application | Manual | LocalSystem |
| Cryptographic Services | Automatic | NT Authority\NetworkService |
| Offline Files | Disabled | LocalSystem |
| DCOM Server Process Launcher | Automatic | LocalSystem |
| Disk Defragmenter | Manual | localSystem |
| DHCP Client | Automatic | NT Authority\LocalService |
| DNS Client | Automatic | NT AUTHORITY\NetworkService |
| Wired AutoConfig | Manual | localSystem |
| DPM CPWrapper Service | Disabled | LocalSystem |
| DPMRA | Manual | LocalSystem |
| Diagnostic Policy Service | Automatic | NT AUTHORITY\LocalService |
| Extensible Authentication Protocol | Manual | localSystem |
| Encrypting File System (EFS) | Manual | LocalSystem |
| Windows Event Log | Automatic | NT AUTHORITY\LocalService |
| COM+ Event System | Automatic | NT AUTHORITY\LocalService |
| Microsoft Fibre Channel Platform Registration Service | Manual | NT AUTHORITY\LocalService |
| Function Discovery Provider Host | Manual | NT AUTHORITY\LocalService |
| Function Discovery Resource Publication | Manual | NT AUTHORITY\LocalService |
| Windows Font Cache Service | Automatic | NT AUTHORITY\LocalService |
| Windows Presentation Foundation Font Cache 3.0.0.0 | Manual | NT Authority\LocalService |
| Group Policy Client | Automatic | LocalSystem |
| Human Interface Device Access | Manual | LocalSystem |
| Health Key and Certificate Management | Manual | localSystem |
| Windows CardSpace | Manual | LocalSystem |
| IKE and AuthIP IPsec Keying Modules | Automatic | LocalSystem |
| PnP-X IP Bus Enumerator | Disabled | LocalSystem |
| IP Helper | Automatic | LocalSystem |
| CNG Key Isolation | Manual | LocalSystem |
| KtmRm for Distributed Transaction Coordinator | Manual | NT AUTHORITY\NetworkService |
| Server | Automatic | LocalSystem |
| Workstation | Automatic | NT AUTHORITY\NetworkService |
| LiveUpdate | Manual | LocalSystem |
| Link-Layer Topology Discovery Mapper | Manual | NT AUTHORITY\LocalService |
| TCP/IP NetBIOS Helper | Automatic | NT AUTHORITY\LocalService |
| Microsoft SharePoint Workspace Audit Service | Manual | NT AUTHORITY\LocalService |
| Multimedia Class Scheduler | Manual | LocalSystem |
| Windows Firewall | Automatic | NT Authority\LocalService |
| Distributed Transaction Coordinator | Automatic | NT AUTHORITY\NetworkService |
| Microsoft iSCSI Initiator Service | Manual | LocalSystem |
| Windows Installer | Manual | LocalSystem |
| Network Access Protection Agent | Manual | NT AUTHORITY\NetworkService |
| Netlogon | Automatic | LocalSystem |
| Network Connections | Manual | LocalSystem |
| Net.Msmq Listener Adapter | Disabled | NT AUTHORITY\NetworkService |
| Net.Pipe Listener Adapter | Disabled | NT AUTHORITY\LocalService |
| Network List Service | Manual | NT AUTHORITY\LocalService |
| Net.Tcp Listener Adapter | Disabled | NT AUTHORITY\LocalService |
| Net.Tcp Port Sharing Service | Disabled | NT AUTHORITY\LocalService |
| Network Location Awareness | Automatic | NT AUTHORITY\NetworkService |
| Network Store Interface Service | Automatic | NT Authority\LocalService |
| Office_Source Engine | Manual | LocalSystem |
| Office Software Protection Platform | Manual | NT AUTHORITY\NetworkService |
| Performance Counter DLL Host | Manual | NT AUTHORITY\LocalService |
| Performance Logs & Alerts | Manual | NT AUTHORITY\LocalService |
| Plug and Play | Automatic | LocalSystem |
| IPsec Policy Agent | Manual | NT Authority\NetworkService |
| Power | Automatic | LocalSystem |
| User Profile Service | Automatic | LocalSystem |
| Protected Storage | Manual | LocalSystem |
| Remote Access Auto Connection Manager | Manual | localSystem |
| Remote Access Connection Manager | Manual | localSystem |
| Routing and Remote Access | Disabled | localSystem |
| Remote Registry | Automatic | NT AUTHORITY\LocalService |
| RPC Endpoint Mapper | Automatic | NT AUTHORITY\NetworkService |
| Remote Procedure Call (RPC) Locator | Manual | NT AUTHORITY\NetworkService |
| Remote Procedure Call (RPC) | Automatic | NT AUTHORITY\NetworkService |
| Resultant Set of Policy Provider | Manual | LocalSystem |
| Special Administration Console Helper | Manual | LocalSystem |
| Security Accounts Manager | Automatic | LocalSystem |
| Smart Card | Manual | NT AUTHORITY\LocalService |
| Task Scheduler | Automatic | LocalSystem |
| Smart Card Removal Policy | Manual | LocalSystem |
| Secondary Logon | Manual | LocalSystem |
| System Event Notification Service | Automatic | LocalSystem |
| Remote Desktop Configuration | Manual | localSystem |
| Internet Connection Sharing (ICS) | Automatic | LocalSystem |
| Shell Hardware Detection | Automatic | LocalSystem |
| Symantec Management Client | Automatic | LocalSystem |
| Symantec Network Access Control | Disabled | LocalSystem |
| SNMP Trap | Manual | NT AUTHORITY\LocalService |
| Print Spooler | Automatic | LocalSystem |
| Software Protection | Automatic | NT AUTHORITY\NetworkService |
| SPP Notification Service | Manual | NT AUTHORITY\LocalService |
| SSDP Discovery | Disabled | NT AUTHORITY\LocalService |
| Secure Socket Tunneling Protocol Service | Manual | NT Authority\LocalService |
| Windows Image Acquisition (WIA) | Manual | NT Authority\LocalService |
| Microsoft Software Shadow Copy Provider | Manual | LocalSystem |
| Tablet PC Input Service | Manual | LocalSystem |
| Telephony | Manual | NT AUTHORITY\NetworkService |
| TPM Base Services | Manual | NT AUTHORITY\LocalService |
| Remote Desktop Services | Manual | NT Authority\NetworkService |
| Themes | Automatic | LocalSystem |
| Thread Ordering Server | Manual | NT AUTHORITY\LocalService |
| Distributed Link Tracking Client | Automatic | LocalSystem |
| Windows Modules Installer | Manual | localSystem |
| Interactive Services Detection | Manual | LocalSystem |
| Remote Desktop Services UserMode Port Redirector | Manual | localSystem |
| UPnP Device Host | Disabled | NT AUTHORITY\LocalService |
| Desktop Window Manager Session Manager | Automatic | localSystem |
| Credential Manager | Manual | LocalSystem |
| Virtual Disk | Manual | LocalSystem |
| Hyper-V Heartbeat Service | Automatic | NT AUTHORITY\NetworkService |
| Hyper-V Data Exchange Service | Automatic | NT AUTHORITY\LocalService |
| Hyper-V Guest Shutdown Service | Automatic | LocalSystem |
| Hyper-V Time Synchronization Service | Automatic | NT AUTHORITY\LocalService |
| Hyper-V Volume Shadow Copy Requestor | Automatic | LocalSystem |
| Volume Shadow Copy | Manual | LocalSystem |
| Windows Time | Manual | NT AUTHORITY\LocalService |
| Block Level Backup Engine Service | Manual | LocalSystem |
| Windows Color System | Manual | NT AUTHORITY\LocalService |
| Diagnostic Service Host | Manual | NT AUTHORITY\LocalService |
| Diagnostic System Host | Manual | LocalSystem |
| WebClient | Manual | NT AUTHORITY\LocalService |
| Windows Event Collector | Manual | NT AUTHORITY\NetworkService |
| Problem Reports and Solutions Control Panel Support | Manual | localSystem |
| Windows Error Reporting Service | Manual | localSystem |
| Windows Defender | Automatic | LocalSystem |
| WinHTTP Web Proxy Auto-Discovery Service | Manual | NT AUTHORITY\LocalService |
| Windows Management Instrumentation | Automatic | localSystem |
| Windows Remote Management (WS-Management) | Automatic | NT AUTHORITY\NetworkService |
| WMI Performance Adapter | Manual | localSystem |
| Portable Device Enumerator Service | Manual | LocalSystem |
| Windows Update | Automatic | LocalSystem |
| Windows Driver Foundation - User-mode Driver Framework | Manual | LocalSystem |

| Severity 2 | Microsoft Windows Folder Permission Check - Folders Under SystemRoot |
| ------------------------------------------------------------ | |||
| %windir% | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Administrators | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Users | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Creator_Owner | access_allowed | object_inherit=true container_inherit=true inherit_only=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| ------------------------------------------------------------ | |||
| %windir%\Application Compatibility Scripts | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Administrators | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Users | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Creator_Owner | access_allowed | object_inherit=true container_inherit=true inherit_only=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| ------------------------------------------------------------ | |||
| %windir%\AppPatch | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Administrators | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Users | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Creator_Owner | access_allowed | object_inherit=true container_inherit=true inherit_only=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| ------------------------------------------------------------ | |||
| %windir%\CSC | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Administrators | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Users | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Creator_Owner | access_allowed | object_inherit=true container_inherit=true inherit_only=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| ------------------------------------------------------------ | |||
| %windir%\debug | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Administrators | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Users | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Creator_Owner | access_allowed | object_inherit=true container_inherit=true inherit_only=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| ------------------------------------------------------------ | |||
| %windir%\Help | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Administrators | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Users | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Creator_Owner | access_allowed | object_inherit=true container_inherit=true inherit_only=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| ------------------------------------------------------------ | |||
| %windir%\inf | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Administrators | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Users | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Creator_Owner | access_allowed | object_inherit=true container_inherit=true inherit_only=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| ------------------------------------------------------------ | |||
| %windir%\installer | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | object_inherit=true container_inherit=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| Everyone | access_allowed | object_inherit=true container_inherit=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| Administrators | access_allowed | object_inherit=true container_inherit=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| ------------------------------------------------------------ | |||
| %windir%\media | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Administrators | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Users | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Creator_Owner | access_allowed | object_inherit=true container_inherit=true inherit_only=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| ------------------------------------------------------------ | |||
| %windir%\Registration | |||
| ------------------------------------------------------------ | |||
| Administrators | access_allowed | object_inherit=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| Everyone | access_allowed | object_inherit=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| SYSTEM | access_allowed | object_inherit=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| ------------------------------------------------------------ | |||
| %windir%\security | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Administrators | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Users | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Creator_Owner | access_allowed | object_inherit=true container_inherit=true inherit_only=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| ------------------------------------------------------------ | |||
| %windir%\Temp | |||
| ------------------------------------------------------------ | |||
| Users | access_allowed | container_inherit=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| Administrators | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| SYSTEM | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Creator_Owner | access_allowed | object_inherit=true container_inherit=true inherit_only=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| ------------------------------------------------------------ | |||
| %ProgramFiles%\Common Files | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Administrators | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Users | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Creator_Owner | access_allowed | object_inherit=true container_inherit=true inherit_only=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |

| Severity 2 | Microsoft Windows Folder Permission Check - Folders Under System32 |
| ------------------------------------------------------------ | |||
| %windir%\System32 | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Administrators | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Users | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Creator_Owner | access_allowed | object_inherit=true container_inherit=true inherit_only=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| ------------------------------------------------------------ | |||
| %windir%\System32\appmgmt | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | object_inherit=true container_inherit=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| Administrators | access_allowed | object_inherit=true container_inherit=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| Everyone | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| ------------------------------------------------------------ | |||
| %windir%\System32\ias | |||
| ------------------------------------------------------------ | |||
| Administrators | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| NETWORK_SERVICE | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| SYSTEM | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| ------------------------------------------------------------ | |||
| %windir%\System32\Config | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | object_inherit=true container_inherit=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| Administrators | access_allowed | object_inherit=true container_inherit=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| Creator_Owner | access_allowed | object_inherit=true container_inherit=true inherit_only=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| ------------------------------------------------------------ | |||
| %windir%\System32\spool\printers | |||
| ------------------------------------------------------------ | |||
| Users | access_allowed | container_inherit=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| Administrators | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Creator_Owner | access_allowed | object_inherit=true container_inherit=true inherit_only=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| SYSTEM | access_allowed | object_inherit=true container_inherit=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| ------------------------------------------------------------ | |||
| %windir%\System32\LogFiles | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Administrators | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Users | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Creator_Owner | access_allowed | object_inherit=true container_inherit=true inherit_only=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| ------------------------------------------------------------ | |||
| %windir%\System32\inetsrv | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Administrators | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Users | access_allowed | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner | |
| Creator_Owner | access_allowed | object_inherit=true container_inherit=true inherit_only=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |

| Severity 2 | Microsoft Windows File Security Check - C: System Files |
| ------------------------------------------------------------ | |||
| c:\ | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | object_inherit=true container_inherit=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| Administrators | access_allowed | object_inherit=true container_inherit=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| Users | access_allowed | object_inherit=true container_inherit=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| Creator_Owner | access_allowed | object_inherit=true container_inherit=true inherit_only=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| ------------------------------------------------------------ | |||
| %ProgramFiles% | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| Administrators | access_allowed | | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| Users | access_allowed | | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| Creator_Owner | access_allowed | object_inherit=true container_inherit=true inherit_only=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| ------------------------------------------------------------ | |||
| %CommonProgramFiles% | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| Administrators | access_allowed | | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| Users | access_allowed | | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| Creator_Owner | access_allowed | object_inherit=true container_inherit=true inherit_only=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Folder Security - Folders Under Document and Settings |
| ------------------------------------------------------------ | |||
| %userprofile%\Administrator | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | object_inherit=true container_inherit=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| Administrators | access_allowed | object_inherit=true container_inherit=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| sop.admin | access_allowed | object_inherit=true container_inherit=true | synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Administrator Group Members Enumerated |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Security Permissions for Important CIFS Pipes |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Last Successful User Login |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Permission on Shares Enumerated |
| share | SHARE TYPE | ACE TYPE | NAME | OWNER | ACE1 | ACE2 | ACE3 |
| ADMIN$ | Hidden_Directory | No_Explicit_DACLS | - | - | - | - | - |
| C$ | Hidden_Directory | No_Explicit_DACLS | - | - | - | - | - |
| IPC$ | Hidden_IPC | No_Explicit_DACLS | - | - | - | - | - |
| MTATempStore$ | Directory | Access Allowed for Group | Administrators | Local System | standard-read | standard-write-owner | standard-write-dac |
| MTATempStore$ | Directory | Access Allowed for Group | Administrators | Local System | standard-delete | - | - |
| MTATempStore$ | Directory | Access Allowed for Group | Local System | Local System | standard-read | standard-write-owner | standard-write-dac |
| MTATempStore$ | Directory | Access Allowed for Group | Local System | Local System | standard-delete | - | - |
| MTATempStore$ | Directory | Access Allowed for Group | SOP-TS2\DPMRADCOMTrustedMachines | Local System | standard-read | standard-write-owner | standard-write-dac |
| MTATempStore$ | Directory | Access Allowed for Group | SOP-TS2\DPMRADCOMTrustedMachines | Local System | standard-delete | - | - |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Recently Installed Windows Applications |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Recently Updated Windows Applications |
| Expand | Severity | Title | Port/Service |
|
|
1
|
DNS Host Name |
| IP address | Host name |
| 152.2.40.197 | m46183.pha.unc.edu |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Firewall Detected |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Network Adapter MAC Address |
| Method | MAC Address | Vendor |
| NBTSTAT | 00:15:5D:02:66:13 | |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Processor Information for Windows Target System |
| HKLM\System\CurrentControlSet\Control\Session Manager\Environment | ||
| PROCESSOR_IDENTIFIER | = | Intel64 Family 6 Model 45 Stepping 7, GenuineIntel |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Target Network Information |
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Internet Service Provider |
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information.
This information was gathered using the WHOIS service for the network and is believed to be the ISP of the target network.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Traceroute |
| Hops | IP | Round Trip Time | Probe |
| 1 | 152.2.20.1 | 0.48ms | ICMP |
| 2 | 152.19.253.105 | 0.90ms | ICMP |
| 3 | 152.19.255.254 | 1.13ms | ICMP |
| 4 | 152.19.255.210 | 1.14ms | ICMP |
| 5 | 152.2.40.197 | 1.32ms | ICMP |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Virtual Private Networks |
| Port | Service | Description |
| 500 | ISAKMP/IKE | ISAKMP/IKE key exchange for IPsec Virtual Private Network |
| Expand | Severity | Title | Port/Service |
|
|
1
|
VPN Authentications |
| Authentication | Description |
| GSS-API | GSS-API using Kerberos |
| Expand | Severity | Title | Port/Service |
|
|
1
|
IKE Service Implementation Identified |
If one or more of these subtle differences is modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the IKE implementation may not be detected correctly.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Disabled Accounts Enumerated From SAM Database |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Administrator Account's Real Name Found From LSA Enumeration |
Windows systems by default have the administrator account's name configured as "Administrator". This can very easily be changed to a non-default value (like root, for example) to harden security against password bruteforcing.
LSA, internally, refers to user accounts by what are called RIDs (Relative IDs) instead of the friendlier names (like "Administrator") used only for GUI and display purposes. The administrator account on any Windows system always has a RID of 500, even if the name has been changed.
The scanner probed the LSA for the name that maps to the RID of 500, which is the administrator account name, changed or unchanged. The name is listed in the Result section below.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Host Scan Time |
The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Host Names Found |
| Host Name | Source |
| SOP-TS2.ad.unc.edu | NTLM DNS |
| m46183.pha.unc.edu | FQDN |
| SOP-TS2 | NTLM NetBIOS |
| SOP-TS2 | NetBIOS |
| Expand | Severity | Title | Port/Service |
|
|
1
|
NTFS Settings Enumerated |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Sun Java Runtime Environment Installed |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Interface Names and Assigned IP Address Enumerated from Registry |
| Interface: | Microsoft Virtual Machine Bus Network Adapter | IP Address: | 152.2.40.197 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Java Runtime Environment 1.6 Installed |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft Windows Management Instrumentation Service (WMI) Is Running |
The target has WMI service installed and running.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Authentication Method |
The service also attempts to authenticate using common credentials. You should verify that the credentials used for successful authentication were those that were provided in the Windows authentication record. User-provided credentials failed if the discovery method shows "Unable to log in using credentials provided by user, fallback to NULL session". If this is the case, verify that the credentials specified in the Windows authentication record are valid for this host.
| User Name | DOM qualys.scn |
| Domain | AD |
| Authentication Scheme | Kerberos |
| Security | User-based |
| SMBv1 Signing | Enabled |
| Discovery Method | Login credentials provided by user |
| Authentication Record | AD.UNC.EDU Credentials |
| CIFS Version | SMB v2.1 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Authentication Method for User-Provided Credentials |
| User Name | DOM qualys.scn |
| Domain | AD |
| Authentication Scheme | Kerberos |
| Security | User-based |
| SMBv1 Signing | Enabled |
| Authentication Record | AD.UNC.EDU Credentials |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Open UDP Services List |
Note that if the host is behind a firewall, there is a small chance that the list includes a few ports that are filtered or blocked by the firewall but are not actually open on the target host. This (false positive on UDP open ports) may happen when the firewall is configured to reject UDP packets for most (but not all) ports with an ICMP Port Unreachable packet. This may also happen when the firewall is configured to allow UDP packets for most (but not all) ports through and filter/block/drop UDP packets for only a few ports. Both cases are uncommon.
| Port | IANA Assigned Ports/Services | Description | Service Detected |
| 137 | netbios-ns | NETBIOS Name Service | netbios ns |
| 500 | isakmp | isakmp | isakmp |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Open TCP Services List |
The Results section displays the port number (Port), the default service listening on the port (IANA Assigned Ports/Services), the description of the service (Description) and the service that the scanner detected using service discovery (Service Detected).
| Port | IANA Assigned Ports/Services | Description | Service Detected | OS On Redirected Port |
| 135 | msrpc-epmap | epmap DCE endpoint resolution | DCERPC Endpoint Mapper | |
| 139 | netbios-ssn | NETBIOS Session Service | netbios ssn | |
| 445 | microsoft-ds | Microsoft-DS | microsoft-ds | |
| 27599 | unknown | unknown | unknown over ssl | |
| Expand | Severity | Title | Port/Service |
|
|
1
|
ICMP Replies Received |
We have sent the following types of packets to trigger the host to send us ICMP replies:
Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)
Listed in the "Result" section are the ICMP replies that we have received.
| ICMP Reply Type | Triggered By | Additional Information |
| Echo (type=0 code=0) | Echo Request | Echo Reply |
| Expand | Severity | Title | Port/Service |
|
|
1
|
NetBIOS Host Name |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Degree of Randomness of TCP Initial Sequence Numbers |
| Expand | Severity | Title | Port/Service |
|
|
1
|
IP ID Values Randomness |
Please note that for reliability reasons only the network traffic from open TCP ports is analyzed.
| Expand | Severity | Title | Port/Service |
|
|
1
|
NetBIOS Workgroup Name Detected |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Enabled Winlogon CD-ROM Allocation |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows CDROM Autorun Enabled |
Enabling Autorun exposes the machine to potential malware risk or even virus infection. Viruses and worms are mostly spread using the Windows AutoRun feature.
In the past, the Sony rootkit issue exploited machines that had Autorun enabled, secretly infecting them with digital rights management software after certain CDs were played. The Downadup/Conficker worm is known to have infected a large number of machines, and the Autoplay functionality has been one of the worm's major attack vectors and propagation methods.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom
To selectively disable specific Autorun features, change the "NoDriveTypeAutoRun" entry in one of the following registry key subkeys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\
The value of the NoDriveTypeAutoRun registry entry determines which drive or drives the Autorun functionality will be disabled for. Settings for the NoDriveTypeAutoRun registry entry are listed below:
0x1 = Disables AutoPlay on drives of unknown type
0x4 = Disables AutoPlay on removable drives
0x8 = Disables AutoPlay on fixed drives
0x10 = Disables AutoPlay on network drives
0x20 = Disables AutoPlay on CD-ROM drives
0x40 = Disables AutoPlay on RAM disks
0x80 = Disables AutoPlay on drives of unknown type
0xFF = Disables AutoPlay on all kinds of drives
You may also disable the service by setting the group policy object (GPO).
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun
Detailed steps on disabling the Autorun functionality for different Windows platforms through various methods are available at Microsoft Knowledge Base Articles KB967715 and KB953252.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Disabled Clear Page File |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
| Expand | Severity | Title | Port/Service |
|
|
1
|
Possible Log Recording Issues |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
| Expand | Severity | Title | Port/Service |
|
|
1
|
Enabled Caching of Dial-up Password Feature |
Since Windows automatically provides the saved dial-up password, unauthorized users with local access to this host can connect and dial the remote host without the password.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Services List |
| Name | Status | Description |
| AeLookupSvc | started | Application Experience |
| ALG | | Application Layer Gateway Service |
| AppIDSvc | | Application Identity |
| Appinfo | | Application Information |
| AppMgmt | | Application Management |
| aspnet_state | | ASP.NET State Service |
| AudioEndpointBuilder | started | Windows Audio Endpoint Builder |
| AudioSrv | started | Windows Audio |
| BFE | started | Base Filtering Engine |
| BITS | started | Background Intelligent Transfer Service |
| Browser | | Computer Browser |
| ccEvtMgr | started | Symantec Event Manager |
| ccSetMgr | started | Symantec Settings Manager |
| CertPropSvc | started | Certificate Propagation |
| clr_optimization_v2.0.50727_32 | | Microsoft .NET Framework NGEN v2.0.50727_X86 |
| clr_optimization_v2.0.50727_64 | | Microsoft .NET Framework NGEN v2.0.50727_X64 |
| clr_optimization_v4.0.30319_32 | | Microsoft .NET Framework NGEN v4.0.30319_X86 |
| clr_optimization_v4.0.30319_64 | | Microsoft .NET Framework NGEN v4.0.30319_X64 |
| COMSysApp | | COM+ System Application |
| CryptSvc | started | Cryptographic Services |
| CscService | | Offline Files |
| DcomLaunch | started | DCOM Server Process Launcher |
| defragsvc | | Disk Defragmenter |
| Dhcp | started | DHCP Client |
| Dnscache | started | DNS Client |
| dot3svc | | Wired AutoConfig |
| DpmCPWrapperService | | DPM CPWrapper Service |
| DPMRA | | DPMRA |
| DPS | started | Diagnostic Policy Service |
| EapHost | | Extensible Authentication Protocol |
| EFS | | Encrypting File System (EFS) |
| eventlog | started | Windows Event Log |
| EventSystem | started | COM+ Event System |
| FCRegSvc | | Microsoft Fibre Channel Platform Registration Service |
| fdPHost | | Function Discovery Provider Host |
| FDResPub | | Function Discovery Resource Publication |
| FontCache | started | Windows Font Cache Service |
| FontCache3.0.0.0 | | Windows Presentation Foundation Font Cache 3.0.0.0 |
| gpsvc | started | Group Policy Client |
| hidserv | | Human Interface Device Access |
| hkmsvc | | Health Key and Certificate Management |
| idsvc | | Windows CardSpace |
| IKEEXT | started | IKE and AuthIP IPsec Keying Modules |
| IPBusEnum | | PnP-X IP Bus Enumerator |
| iphlpsvc | started | IP Helper |
| KeyIso | | CNG Key Isolation |
| KtmRm | | KtmRm for Distributed Transaction Coordinator |
| LanmanServer | started | Server |
| LanmanWorkstation | started | Workstation |
| LiveUpdate | | LiveUpdate |
| lltdsvc | | Link-Layer Topology Discovery Mapper |
| lmhosts | started | TCP/IP NetBIOS Helper |
| Microsoft SharePoint Workspace Audit Service | | Microsoft SharePoint Workspace Audit Service |
| MMCSS | started | Multimedia Class Scheduler |
| MpsSvc | started | Windows Firewall |
| MSDTC | started | Distributed Transaction Coordinator |
| MSiSCSI | | Microsoft iSCSI Initiator Service |
| msiserver | | Windows Installer |
| napagent | | Network Access Protection Agent |
| Netlogon | started | Netlogon |
| Netman | started | Network Connections |
| NetMsmqActivator | | Net.Msmq Listener Adapter |
| NetPipeActivator | | Net.Pipe Listener Adapter |
| netprofm | started | Network List Service |
| NetTcpActivator | | Net.Tcp Listener Adapter |
| NetTcpPortSharing | | Net.Tcp Port Sharing Service |
| NlaSvc | started | Network Location Awareness |
| nsi | started | Network Store Interface Service |
| ose | | Office Source Engine |
| osppsvc | started | Office Software Protection Platform |
| PerfHost | | Performance Counter DLL Host |
| pla | | Performance Logs & Alerts |
| PlugPlay | started | Plug and Play |
| PolicyAgent | started | IPsec Policy Agent |
| Power | started | Power |
| ProfSvc | started | User Profile Service |
| ProtectedStorage | started | Protected Storage |
| RasAuto | | Remote Access Auto Connection Manager |
| RasMan | started | Remote Access Connection Manager |
| RemoteAccess | | Routing and Remote Access |
| RemoteRegistry | started | Remote Registry |
| RpcEptMapper | started | RPC Endpoint Mapper |
| RpcLocator | | Remote Procedure Call (RPC) Locator |
| RpcSs | started | Remote Procedure Call (RPC) |
| RSoPProv | | Resultant Set of Policy Provider |
| sacsvr | | Special Administration Console Helper |
| SamSs | started | Security Accounts Manager |
| SCardSvr | | Smart Card |
| Schedule | started | Task Scheduler |
| SCPolicySvc | | Smart Card Removal Policy |
| seclogon | | Secondary Logon |
| SENS | started | System Event Notification Service |
| SessionEnv | started | Remote Desktop Configuration |
| SharedAccess | | Internet Connection Sharing (ICS) |
| ShellHWDetection | | Shell Hardware Detection |
| SmcService | started | Symantec Management Client |
| SNAC | | Symantec Network Access Control |
| SNMPTRAP | | SNMP Trap |
| Spooler | started | Print Spooler |
| sppsvc | | Software Protection |
| sppuinotify | | SPP Notification Service |
| SSDPSRV | | SSDP Discovery |
| SstpSvc | started | Secure Socket Tunneling Protocol Service |
| stisvc | | Windows Image Acquisition (WIA) |
| swprv | | Microsoft Software Shadow Copy Provider |
| Symantec AntiVirus | started | Symantec Endpoint Protection |
| TabletInputService | | Tablet PC Input Service |
| TapiSrv | started | Telephony |
| TBS | | TPM Base Services |
| TermService | started | Remote Desktop Services |
| Themes | started | Themes |
| THREADORDER | | Thread Ordering Server |
| TrkWks | started | Distributed Link Tracking Client |
| TrustedInstaller | | Windows Modules Installer |
| UI0Detect | | Interactive Services Detection |
| UmRdpService | started | Remote Desktop Services UserMode Port Redirector |
| upnphost | | UPnP Device Host |
| UxSms | started | Desktop Window Manager Session Manager |
| VaultSvc | | Credential Manager |
| vds | | Virtual Disk |
| vmicheartbeat | started | Hyper-V Heartbeat Service |
| vmickvpexchange | started | Hyper-V Data Exchange Service |
| vmicshutdown | started | Hyper-V Guest Shutdown Service |
| vmictimesync | started | Hyper-V Time Synchronization Service |
| vmicvss | started | Hyper-V Volume Shadow Copy Requestor |
| VSS | | Volume Shadow Copy |
| W32Time | started | Windows Time |
| wbengine | | Block Level Backup Engine Service |
| WcsPlugInService | | Windows Color System |
| WdiServiceHost | | Diagnostic Service Host |
| WdiSystemHost | | Diagnostic System Host |
| WebClient | | WebClient |
| Wecsvc | | Windows Event Collector |
| wercplsupport | | Problem Reports and Solutions Control Panel Support |
| WerSvc | | Windows Error Reporting Service |
| WinDefend | started | Windows Defender |
| WinHttpAutoProxySvc | | WinHTTP Web Proxy Auto-Discovery Service |
| Winmgmt | started | Windows Management Instrumentation |
| WinRM | started | Windows Remote Management (WS-Management) |
| wmiApSrv | | WMI Performance Adapter |
| WPDBusEnum | | Portable Device Enumerator Service |
| wuauserv | started | Windows Update |
| wudfsvc | | Windows Driver Foundation - User-mode Driver Framework |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Drivers List |
| Name | Status | Description |
| 1394ohci | | 1394 OHCI Compliant Host Controller |
| ACPI | started | Microsoft ACPI Driver |
| AcpiPmi | | ACPI Power Meter Driver |
| adp94xx | | adp94xx |
| adpahci | | adpahci |
| adpu320 | | adpu320 |
| AFD | started | Ancillary Function Driver for Winsock |
| agp440 | | Intel AGP Bus Filter |
| aliide | | aliide |
| amdide | | amdide |
| AmdK8 | | AMD K8 Processor Driver |
| AmdPPM | | AMD Processor Driver |
| amdsata | | amdsata |
| amdsbs | | amdsbs |
| amdxata | started | amdxata |
| AppID | | AppID Driver |
| arc | | arc |
| arcsas | | arcsas |
| AsyncMac | started | RAS Asynchronous Media Driver |
| atapi | started | IDE Channel |
| b06bdrv | | Broadcom NetXtreme II VBD |
| b57nd60a | | Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 |
| Beep | | Beep |
| blbdrive | started | blbdrive |
| bowser | started | Browser Support Driver |
| BrFiltLo | | Brother USB Mass-Storage Lower Filter Driver |
| BrFiltUp | | Brother USB Mass-Storage Upper Filter Driver |
| Brserid | | Brother MFC Serial Port Interface Driver (WDM) |
| BrSerWdm | | Brother WDM Serial driver |
| BrUsbMdm | | Brother MFC USB Fax Only Modem |
| BrUsbSer | | Brother MFC USB Serial WDM Driver |
| cdfs | | CD/DVD File System Reader |
| cdrom | started | CD-ROM Driver |
| CLFS | started | Common Log (CLFS) |
| CmBatt | | Microsoft ACPI Control Method Battery Driver |
| cmdide | | cmdide |
| CNG | started | CNG |
| Compbatt | | Compbatt |
| CompositeBus | started | Composite Bus Enumerator Driver |
| crcdisk | | Crcdisk Filter Driver |
| CSC | | Offline Files Driver |
| ctxusbm | started | Citrix USB Monitor Driver |
| DfsC | started | DFS Namespace Client Driver |
| discache | started | System Attribute Cache |
| Disk | started | Disk Driver |
| dmvsc | started | dmvsc |
| DpmFilter | started | DpmFilter |
| DXGKrnl | | LDDM Graphics Subsystem |
| ebdrv | | Broadcom NetXtreme II 10 GigE VBD |
| eeCtrl | started | Symantec Eraser Control driver |
| elxstor | | elxstor |
| EraserUtilRebootDrv | started | EraserUtilRebootDrv |
| ErrDev | | Microsoft Hardware Error Device Driver |
| exfat | | exFAT File System Driver |
| fastfat | | FAT12/16/32 File System Driver |
| fdc | started | Floppy Disk Controller Driver |
| FileInfo | | File Information FS MiniFilter |
| Filetrace | | Filetrace |
| flpydisk | started | Floppy Disk Driver |
| FltMgr | started | FltMgr |
| FsDepends | | File System Dependency Minifilter |
| gagp30kx | | Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms |
| HDAudBus | | Microsoft UAA Bus Driver for High Definition Audio |
| HidBatt | | HID UPS Battery Driver |
| HidUsb | | Microsoft HID Class Driver |
| HpSAMD | | HpSAMD |
| HTTP | started | HTTP |
| hwpolicy | started | Hardware Policy Driver |
| i8042prt | started | i8042 Keyboard and PS/2 Mouse Port Driver |
| iaStorV | | Intel RAID Controller Windows 7 |
| iirsp | | iirsp |
| intelide | started | intelide |
| intelppm | started | Intel Processor Driver |
| ioatdma | | Intel(R) QuickData Technology Device |
| IpFilterDriver | | IP Traffic Filter Driver |
| IPMIDRV | | IPMIDRV |
| IPNAT | | IP Network Address Translator |
| isapnp | | isapnp |
| iScsiPrt | | iScsiPort Driver |
| kbdclass | started | Keyboard Class Driver |
| kbdhid | | Keyboard HID Driver |
| KSecDD | started | KSecDD |
| KSecPkg | started | KSecPkg |
| ksthunk | | Kernel Streaming Thunks |
| lltdio | started | Link-Layer Topology Discovery Mapper I/O Driver |
| LSI_FC | | LSI_FC |
| LSI_SAS | | LSI_SAS |
| LSI_SAS2 | | LSI_SAS2 |
| LSI_SCSI | | LSI_SCSI |
| luafv | started | UAC File Virtualization |
| megasas | | megasas |
| MegaSR | | MegaSR |
| Modem | | Modem |
| monitor | | Microsoft Monitor Class Function Driver Service |
| mouclass | started | Mouse Class Driver |
| mouhid | started | Mouse HID Driver |
| mountmgr | started | Mount Point Manager |
| mpio | | mpio |
| mpsdrv | started | Windows Firewall Authorization Driver |
| MRxDAV | | WebDav Client Redirector Driver |
| mrxsmb | started | SMB MiniRedirector Wrapper and Engine |
| mrxsmb10 | started | SMB 1.x MiniRedirector |
| mrxsmb20 | started | SMB 2.0 MiniRedirector |
| msahci | | msahci |
| msdsm | | msdsm |
| Msfs | started | Msfs |
| mshidkmdf | | Pass-through HID to KMDF Filter Driver |
| msisadrv | started | msisadrv |
| MsRPC | | MsRPC |
| mssmbios | started | Microsoft System Management BIOS Driver |
| MTConfig | | Microsoft Input Configuration Driver |
| Mup | started | Mup |
| NAVENG | started | NAVENG |
| NAVEX15 | started | NAVEX15 |
| NDIS | started | NDIS System Driver |
| NdisCap | | NDIS Capture LightWeight Filter |
| NdisTapi | started | Remote Access NDIS TAPI Driver |
| Ndisuio | | NDIS Usermode I/O Protocol |
| NdisWan | started | Remote Access NDIS WAN Driver |
| NDProxy | started | NDIS Proxy |
| NetBIOS | started | NetBIOS Interface |
| NetBT | started | NetBT |
| netvsc | started | netvsc |
| nfrd960 | | nfrd960 |
| Npfs | started | Npfs |
| nsiproxy | started | NSI proxy service driver. |
| Ntfs | started | Ntfs |
| Null | started | Null |
| nvraid | | nvraid |
| nvstor | | nvstor |
| nv_agp | | NVIDIA nForce AGP Bus Filter |
| ohci1394 | | 1394 OHCI Compliant Host Controller (Legacy) |
| Parport | | Parallel port driver |
| partmgr | started | Partition Manager |
| pci | started | PCI Bus Driver |
| pciide | | pciide |
| pcmcia | | pcmcia |
| pcw | started | Performance Counters for Windows Driver |
| PEAUTH | started | PEAUTH |
| PptpMiniport | started | WAN Miniport (PPTP) |
| Processor | | Processor Driver |
| Psched | started | QoS Packet Scheduler |
| ql2300 | | ql2300 |
| ql40xx | | ql40xx |
| RasAcd | | Remote Access Auto Connection Driver |
| RasAgileVpn | started | WAN Miniport (IKEv2) |
| Rasl2tp | started | WAN Miniport (L2TP) |
| RasPppoe | started | Remote Access PPPOE Driver |
| RasSstp | started | WAN Miniport (SSTP) |
| rdbss | started | Redirected Buffering Sub Sysytem |
| rdpbus | started | Remote Desktop Device Redirector Bus Driver |
| RDPCDD | started | RDPCDD |
| RDPDR | started | Terminal Server Device Redirector Driver |
| RDPENCDD | started | RDP Encoder Mirror Driver |
| RDPREFMP | started | Reflector Display Driver used to gain access to graphics data |
| RDPWD | started | RDP Winstation Driver |
| rspndr | started | Link-Layer Topology Discovery Responder |
| s3cap | started | s3cap |
| sacdrv | | sacdrv |
| sbp2port | | sbp2port |
| scfilter | | Smart card PnP Class Filter Driver |
| secdrv | started | Security Driver |
| Serenum | started | Serenum Filter Driver |
| Serial | started | Serial port driver |
| sermouse | | Serial Mouse Driver |
| sffdisk | | SFF Storage Class Driver |
| sffp_mmc | | SFF Storage Protocol Driver for MMC |
| sffp_sd | | SFF Storage Protocol Driver for SDBus |
| sfloppy | | High-Capacity Floppy Disk Drive |
| SiSRaid2 | | SiSRaid2 |
| SiSRaid4 | | SiSRaid4 |
| Smb | | Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session) |
| spldr | started | Security Processor Loader Driver |
| SRTSP | started | SRTSP |
| SRTSPL | | SRTSPL |
| SRTSPX | started | SRTSPX |
| srv | started | Server SMB 1.xxx Driver |
| srv2 | started | Server SMB 2.xxx Driver |
| srvnet | started | srvnet |
| stexstor | | stexstor |
| storflt | started | Disk Virtual Machine Bus Acceleration Filter Driver |
| storvsc | started | storvsc |
| storvsp | | storvsp |
| swenum | started | Software Bus Driver |
| SymEvent | started | SymEvent |
| SynthVid | started | SynthVid |
| Tcpip | started | TCP/IP Protocol Driver |
| TCPIP6 | | Microsoft IPv6 Protocol Driver |
| tcpipreg | started | TCP/IP Registry Compatibility |
| TDPIPE | | TDPIPE |
| TDTCP | started | TDTCP |
| tdx | started | NetIO Legacy TDI Support Driver |
| TermDD | started | Terminal Device Driver |
| tssecsrv | started | Remote Desktop Services Security Filter Driver |
| TsUsbFlt | | TsUsbFlt |
| TsUsbGD | | Remote Desktop Generic USB Device |
| tunnel | | Microsoft Tunnel Miniport Adapter Driver |
| uagp35 | | Microsoft AGPv3.5 Filter |
| udfs | | udfs |
| uliagpkx | | Uli AGP Bus Filter |
| umbus | started | UMBus Enumerator Driver |
| UmPass | | Microsoft UMPass Driver |
| usbccgp | | Microsoft USB Generic Parent Driver |
| usbehci | | Microsoft USB 2.0 Enhanced Host Controller Miniport Driver |
| usbhub | | Microsoft USB Standard Hub Driver |
| usbohci | | Microsoft USB Open Host Controller Miniport Driver |
| usbprint | | Microsoft USB PRINTER Class |
| USBSTOR | | USB Mass Storage Driver |
| usbuhci | | Microsoft USB Universal Host Controller Miniport Driver |
| vdrvroot | started | Microsoft Virtual Drive Enumerator Driver |
| vga | | vga |
| VgaSave | started | VgaSave |
| vhdmp | | vhdmp |
| viaide | | viaide |
| Vid | | Vid |
| vmbus | started | Virtual Machine Bus |
| VMBusHID | started | VMBusHID |
| volmgr | started | Volume Manager Driver |
| volmgrx | started | Dynamic Volume Manager |
| volsnap | started | Storage volumes |
| vsmraid | | vsmraid |
| WacomPen | Wacom Serial Pen HID Driver | |
| WANARP | Remote Access IP ARP Driver | |
| Wanarpv6 | started | Remote Access IPv6 ARP Driver |
| Wd | Wd | |
| Wdf01000 | started | Kernel Mode Driver Frameworks service |
| WfpLwf | started | WFP Lightweight Filter |
| WIMMount | WIMMount | |
| WmiAcpi | Microsoft Windows Management Interface for ACPI | |
| ws2ifsl | Winsock IFS Driver | |
| WudfPf | User Mode Driver Frameworks Platform Driver |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Product Type |
| HKLM\Software\Microsoft\Windows NT\CurrentVersion | ||
| CurrentVersion | = | 6.1 |
| ProductName | = | Windows Server 2008 R2 Enterprise |
| HKLM\SYSTEM\currentControlSet\Control\ProductOptions | ||
| ProductSuite | = | {"Enterprise", "Terminal Server"} |
| ProductType | = | ServerNT |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Registry Key Access Denied |
| HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\Properties\ |
| HKLM\System\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties\ |
| HKLM\System\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}\Properties\ |
| HKLM\System\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}\Properties\ |
| HKLM\System\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties\ |
| HKLM\System\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\Properties\ |
| HKLM\System\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\Properties\ |
| HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\Properties\ |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Internet Explorer Version |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Access to File Share is Enabled |
| Expand | Severity | Title | Port/Service |
|
|
1
|
BITS running on target |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows File Access Denied |
| File path | Error code |
| C:\Documents And Settings | C0000022 |
| C:\Users\Default User | C0000022 |
| C:\Users\All Users | 8000002D |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft Internet Explorer 9.x Installed |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Registry Access Level |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft Windows System Hardware Enumeration, CPU |
| HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | ||
| Identifier | = | Intel64 Family 6 Model 45 Stepping 7 |
| ProcessorNameString | = | Intel(R) Xeon(R) CPU E5-2620 0 @ 2.00GHz |
| VendorIdentifier | = | GenuineIntel |
| ~MHz | = | 1999 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft Windows System Hardware Enumeration, IDE Controllers |
| HKLM\SYSTEM\CurrentControlSet\Enum\pci\VEN_8086&DEV_7111&SUBSYS_00000000&REV_01\3&267a616a&1&39\Control | {4d36e96a-e325-11ce-bfc1-08002be10318}\0000 |
| Dev: | @mshdc.inf, %pci\ven_8086&dev_7111.devicedesc%;Intel(R) 82371AB/EB PCI Bus Master IDE Controller |
| Manufacturer: | @mshdc.inf, %intel%;Intel |
| Service: | intelide |
| Driver Instance: | {4d36e96a-e325-11ce-bfc1-08002be10318}\0000 |
| Driver Description: | Intel(R) 82371AB/EB PCI Bus Master IDE Controller |
| Driver_Date: | 6-21-2006 |
| Driver_Version: | 6.1.7601.17514 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft Windows System Hardware Enumeration, Input Devices |
| HKLM\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0F03\4&30998706&0\Control | {4d36e96f-e325-11ce-bfc1-08002be10318}\0000 |
| Dev: | @msmouse.inf, %*pnp0f03.devicedesc%;Microsoft PS/2 Mouse |
| Manufacturer: | @msmouse.inf, %msmfg%;Microsoft |
| Service: | i8042prt |
| Driver Instance: | {4d36e96f-e325-11ce-bfc1-08002be10318}\0000 |
| Driver Description: | Microsoft PS/2 Mouse |
| Driver_Date: | 6-21-2006 |
| Driver_Version: | 6.1.7600.16385 |
| HKLM\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0303\4&30998706&0\Control | {4d36e96b-e325-11ce-bfc1-08002be10318}\0000 |
| Dev: | @keyboard.inf, %*pnp0303.devicedesc%;Standard PS/2 Keyboard |
| Manufacturer: | @keyboard.inf, %std-keyboards%;(Standard keyboards) |
| Service: | i8042prt |
| Driver Instance: | {4d36e96b-e325-11ce-bfc1-08002be10318}\0000 |
| Driver Description: | Standard PS/2 Keyboard |
| Driver Date: | 6-21-2006 |
| Driver Version: | 6.1.7601.17514 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft Windows System Hardware Enumeration, Networking Components |
| HKLM\SYSTEM\CurrentControlSet\Enum\sw\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Control | {4d36e972-e325-11ce-bfc1-08002be10318}\0011 |
| Dev: | @netrasa.inf, %mp-asyncmac-dispname%;RAS Async Adapter |
| Manufacturer: | @netrasa.inf, %msft%;Microsoft |
| Service: | AsyncMac |
| Driver Instance: | {4d36e972-e325-11ce-bfc1-08002be10318}\0011 |
| Driver Description: | RAS Async Adapter |
| Driver_Date: | 6-21-2006 |
| Driver_Version: | 6.1.7601.17514 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft Windows System Hardware Enumeration: Serial, Parallel and USB Device Drivers |
For serial ports and parallel ports, this information is provided: name, status, I/O port (the communication channel among hardware devices installed on the computer), IRQ channel, and driver.
| HKLM\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0501\1\Control | {4d36e978-e325-11ce-bfc1-08002be10318}\0000 |
| Dev: | @msports.inf, %*pnp0501.devicedesc%;Communications Port |
| Manufacturer: | @msports.inf, %std%;(Standard port types) |
| Service: | Serial |
| Driver Instance: | {4d36e978-e325-11ce-bfc1-08002be10318}\0000 |
| Driver Description: | Communications Port |
| Driver_Date: | 6-21-2006 |
| Driver_Version: | 6.1.7600.16385 |
| HKLM\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0501\2\Control | {4d36e978-e325-11ce-bfc1-08002be10318}\0001 |
| Dev: | @msports.inf, %*pnp0501.devicedesc%;Communications Port |
| Manufacturer: | @msports.inf, %std%;(Standard port types) |
| Service: | Serial |
| Driver Instance: | {4d36e978-e325-11ce-bfc1-08002be10318}\0001 |
| Driver Description: | Communications Port |
| Driver_Date: | 6-21-2006 |
| Driver_Version: | 6.1.7600.16385 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft Windows Audit Settings Enumerated From LSA |
You should specify an administrator privileged user in the "Windows Authentication Record" preferences of QualysGuard for this detection to be successful.
Use the MMC snapin "Administrative Tools" - "Local Security Policy" to change the settings. These options are listed under "Local Policy" - "Audit Policy".
| Audit system events | Success, Failure |
| Audit logon events | No Auditing |
| Audit object access | No Auditing |
| Audit privilege use | No Auditing |
| Audit process tracking | No Auditing |
| Audit policy change | No Auditing |
| Audit account management | No Auditing |
| Audit directory service access | No Auditing |
| Audit account logon events | No Auditing |
| Expand | Severity | Title | Port/Service |
|
|
1
|
File Access Permissions for Regedt32.exe |
| Expand | Severity | Title | Port/Service |
|
|
1
|
File Access Permissions for Regedit.exe |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft Windows System EventLog Policy Parameters |
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System
RestrictGuestAccess - Setting this to 1 prevents guests and anonymous user accounts from having read access to the System EventLog.
MaxSize - This value specifies the maximum size limit for the System EventLog database.
Retention - This value specifies the overwrite behavior for the System EventLog. 0 means overwrite as needed. 0xffffffff means do not overwrite events, and other values specify number of days that eventlog entries are preserved before overwriting.
| HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System | ||
| MaxSize | = | 33554432 |
| Retention | = | 0 |
| RestrictGuestAccess | = | 1 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft Windows Application EventLog Policy Parameters |
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
RestrictGuestAccess - Setting this to 1 prevents guests and anonymous user accounts from having read access to the Application EventLog database.
MaxSize - This value specifies the maximum size limit for the Application EventLog database.
Retention - This value specifies the overwrite behavior for the Application EventLog. 0 means overwrite as needed. 0xffffffff means do not overwrite events, and other values specify the number of days of eventlog entries that are preserved before overwriting.
| HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application | ||
| MaxSize | = | 33554432 |
| Retention | = | 0 |
| RestrictGuestAccess | = | 1 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft Windows Security EventLog Policy Parameters |
RestrictGuestAccess - Setting this to 1 prevents guests and anonymous user accounts from having read access to the Security EventLog.
MaxSize - This value specifies the maximum size limit for the Security EventLog database.
Retention - This value specifies the overwrite behavior for the Security EventLog. 0 means overwrite as needed. 0xffffffff means do not overwrite events, and other values specify the number of days of eventlog entries that are preserved before overwriting.
| HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security | ||
| MaxSize | = | 1073741824 |
| Retention | = | 0 |
| RestrictGuestAccess | = | 1 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Message For Users Attempting To Logon To Windows System |
LegalNoticeCaption (REG_SZ) and LegalNoticeText (REG_SZ)
| Expand | Severity | Title | Port/Service |
|
|
1
|
Group Policy Objects Processed By SecCli are Enumerated from History Log |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Builtin User Group Membership Audit - Backup Operators |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Builtin User Group Membership Audit - Replicator |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Builtin User Group Membership Audit - Network Configuration Operators |
| Expand | Severity | Title | Port/Service |
|
|
1
|
IPSEC Policy Agent Service Status Detected |
| Expand | Severity | Title | Port/Service |
|
|
1
|
ActiveX Controls Enumerated |
| Control: | {04a1e553-fe36-4fde-865e-344194e69424} | DisplayName: | Microsoft InkPicture Control | Version: | 1.0 |
| Control: | {0556E0C2-6940-457a-A3D5-6BB7F4C2288F} | DisplayName: | DataModel Class | Version: | 9.2 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Internet Explorer Search Companion Setting |
| KEY: | Software\Microsoft\Internet Explorer\Main | Use Search Asst |
| Local_System | Last Change: | value_missing_Q |
| Local_Service | Last Change: | value_missing_Q |
| Network_Service | Last Change: | value_missing_Q |
| Domain_Administrator | Last Change: | value_missing_Q |
| AD\linhong | Last Change: | value_missing_Q |
| AD\raden | Last Change: | value_missing_Q |
| AD\sop_cdfreema.adm | Last Change: | value_missing_Q |
| AD\sayner | Last Change: | value_missing_Q |
| AD\mcinty | Last Change: | value_missing_Q |
| AD\slota | Last Change: | value_missing_Q |
| AD\cquach | Last Change: | value_missing_Q |
| AD\awr | Last Change: | value_missing_Q |
| AD\slewis7 | Last Change: | value_missing_Q |
| AD\dombekdm | Last Change: | value_missing_Q |
| AD\gangfang | Last Change: | value_missing_Q |
| AD\oramsc | Last Change: | value_missing_Q |
| AD\sop_dombekdm.adm | Last Change: | value_missing_Q |
| AD\overmar | Last Change: | value_missing_Q |
| AD\moorehn | Last Change: | value_missing_Q |
| AD\mborse | Last Change: | value_missing_Q |
| AD\tadurham | Last Change: | value_missing_Q |
| AD\diep211 | Last Change: | value_missing_Q |
| AD\cdfreema | Last Change: | value_missing_Q |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Defender Installed |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft Office Component Detected |
Microsoft Office is a proprietary commercial office suite of desktop applications, servers and services for the Microsoft Windows and Mac OS X operating systems.
| Application | Installed Version | Location |
| Microsoft Word 2010 | 14.0.6129.5000 | C:\Program Files (x86)\Microsoft Office\Office14\\winword.exe |
| Microsoft Access 2010 | 14.0.6024.1000 | C:\Program Files (x86)\Microsoft Office\Office14\\msaccess.exe |
| Microsoft Excel 2010 | 14.0.6126.5003 | C:\Program Files (x86)\Microsoft Office\Office14\\excel.exe |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft Silverlight Version |
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSL Server Information Retrieval | port 27599/tcp over SSL |
The following is a list of supported SSL ciphers.
Note: If a cipher is included in this list, it means that it was possible to establish an SSL connection using that cipher. Some web server setups allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-LOW grade cipher. In this case, even though the LOW grade cipher will be listed here, QID 38140 will not be reported.
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSL Session Caching Information | port 27599/tcp over SSL |
This test determines if SSL session caching is enabled on the host.
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSL/TLS invalid protocol version tolerance | port 27599/tcp over SSL |
| my version | target version |
| 0304 | 0301 |
| 0399 | 0301 |
| 0400 | 0301 |
| 0499 | 0301 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSL Certificate will expire within next six months | port 27599/tcp over SSL |
| Expand | Severity | Title | Port/Service |
|
|
1
|
TLS Secure Renegotiation Extension Supported | port 27599/tcp over SSL |
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSL Certificate - Information | port 27599/tcp over SSL |
| NAME | VALUE |
| (0)CERTIFICATE 0 | |
| (0)Version | 3 (0x2) |
| (0)Serial Number | 4e:ca:bc:b9:90:6b:92:99:4a:65:5e:b4:6f:ba:ec:8e |
| (0)Signature Algorithm | sha1WithRSAEncryption |
| (0)ISSUER NAME | |
| commonName | SOP-TS2.ad.unc.edu |
| (0)SUBJECT NAME | |
| commonName | SOP-TS2.ad.unc.edu |
| (0)Valid From | Mar 18 16:38:10 2013 GMT |
| (0)Valid Till | Sep 17 16:38:10 2013 GMT |
| (0)Public Key Algorithm | rsaEncryption |
| (0)RSA Public Key | (2048 bit) |
| (0) | Public-Key: (2048 bit) |
| (0) | Modulus: |
| (0) | Exponent: 65537 (0x10001) |
| (0)X509v3 EXTENSIONS | |
| (0)X509v3 Extended Key Usage | TLS Web Server Authentication |
| (0)X509v3 Key Usage | Key Encipherment, Data Encipherment |
| (0)Signature | (256 octets) |
Windows Server 2008 R2 Enterprise 64 bit Edition Service Pack 1
| Expand | Severity | Title | Port/Service |
|
|
3
|
Enabled DCOM |
Gimmiv.A malware has also been reported to exploit a vulnerability in RPC DCOM.
Having DCOM enabled attracts Internet worms and permits your system to be remotely compromised by malicious hackers.
Information on disabling DCOM can be found at the Microsoft Technet article called How to Disable DCOM Support in Windows.
For disabling DCOM on Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, refer to Microsoft's article Enable or Disable DCOM.
| Expand | Severity | Title | Port/Service |
|
|
3
|
Administrator Account's Password Does Not Expire |
Note that the Administrator account on the Domain Controller(s) will always have a password that does not expire, since the option check box in the properties dialog box for this account is greyed out.
Additional details can be found under QID 45031 "Accounts Enumerated From SAM Database Whose Passwords Do Not Expire."
| Expand | Severity | Title | Port/Service |
|
|
3
|
Microsoft Windows Enterprise Hotfix Rollup (KB2775511) |
This hotfix rollup contains 90 hotfixes that were released after the release of SP1 for Windows 7 and Windows Server 2008 R2.
Microsoft recommends that users apply this hotfix rollup as part of their regular maintenance routine and build processes for Windows 7 and Windows Server 2008 R2 computers.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Expand | Severity | Title | Port/Service |
|
|
3
|
Insecure Microsoft Internet Explorer Internet Zone User Setting Detected |
To change the settings, go to Control Panel-> Internet Options-> Security tab.
To interpret the results section, please refer to KB182569 for IE6 and IE7.
Refer to Site to Zone Assignment Section 3 for Group Policy Settings in IE8.
Refer to Internet Explorer 9 Security Settings for IE9.
Also refer to BB457144 article from Microsoft.
The following minimal settings are recommended to be set in the registry for each user in the hive:
Download Signed ActiveX Controls - Prompt (minimum)
Download unsigned ActiveX controls - Disable
Initialize and script ActiveX controls not marked as safe - Disable
Allow scripting of Internet Explorer Webbrowser control - Disable
Access data sources across domains - Disable
Display mixed content - Prompt (minimum)
Installation of desktop items - Prompt (minimum)
Launching programs and files in an IFRAME - Prompt (minimum)
Allow script initiated windows without size or position constraints - Disable
Allow web pages to use restricted protocols for active content - Prompt (minimum)
Open files based on content, not file extension - Disable
Submit non-encrypted form data - Prompt (minimum)
Use Pop-up Blocker - Enable
| Expand | Severity | Title | Port/Service |
|
|
3
|
Insecure Microsoft Internet Explorer Intranet Zone User Setting Detected |
To change the settings, go to Control Panel-> Internet Options-> Security tab.
To interpret the results section, please refer to KB182569 for IE6 and IE7.
Refer to Site to Zone Assignment Section 3 for Group Policy Settings in IE8.
Refer to Internet Explorer 9 Security Settings for IE9.
Also refer to BB457144 article from Microsoft.
The following minimal settings are recommended to be set in the registry for each user in the hive:
Download Signed ActiveX Controls - Prompt (minimum)
Download unsigned ActiveX controls - Disable
Initialize and script ActiveX controls not marked as safe - Disable
Access data sources across domains - Prompt (minimum)
Display mixed content - Prompt (minimum)
Installation of desktop items - Prompt (minimum)
Launching programs and files in an IFRAME - Prompt (minimum)
Allow web pages to use restricted protocols for active content - Prompt (minimum)
Open files based on content, not file extension - Enable
Submit non-encrypted form data - Prompt (minimum)
| Expand | Severity | Title | Port/Service |
|
|
3
|
Microsoft Internet Explorer Mouse Tracking Events Design Error Vulnerability |
Internet Explorer is exposed to an information disclosure vulnerability.
Affected Versions:
Internet Explorer 6 through 10.
Workaround:
Use a different browser than Internet Explorer until a patch becomes available.
| Expand | Severity | Title | Port/Service |
|
|
3
|
Microsoft Windows "RunAs" Password Length Local Information Disclosure - Zero Day |
RunAs is prone to a local password disclosure vulnerability that allows a malicious user to guess the password length when "runas.exe" is used to launch an application under another user's privileges. When the application prompts the current user for the password of the specified user, a local attacker can monitor the "I/O Other Bytes" performance of the application to determine the length of the submitted password.
| Expand | Severity | Title | Port/Service |
|
|
3
|
Hotfix KB2264107 (DLL hijacking) Not Installed / Not Configured |
Affected Software:
Windows XP, 2003 Server, Windows Vista, Windows Server 2008 and Windows 7 are reported to be vulnerable.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
KB2264107: Windows XP Professional 32-Bit Edition
KB2264107: Windows XP Professional 64-Bit Edition
KB2264107: Windows 2003 32-Bit Edition
KB2264107: Windows Server 2003 64-Bit Edition
KB2264107: Windows Server 2003 with SP2 for Itanium-based Systems
KB2264107: Windows Vista 32-Bit
KB2264107: Windows Vista x64 Edition
KB2264107: Windows Server 2008 for 32-bit Systems
KB2264107: Windows Server 2008 for x64-based Systems
KB2264107: Windows Server 2008 for Itanium-based Systems
KB2264107: Windows 7 for 32-bit Systems
KB2264107: Windows 7 for x64-based Systems
| Expand | Severity | Title | Port/Service |
|
|
3
|
Splunk Multiple Vulnerabilities (SP-CAAAFQ6) |
The following vulnerabilities have been reported in Splunk:
1) The XML parser in Splunk is vulnerable to XML eXternal Entity attacks.
2) The parameter SPLUNKD_SESSION_KEY is vulnerable to session hijacking. An authenticated user could be tricked into visiting a specially crafted Web page that could disclose a valid splunkd session key to an attacker.
The vulnerabilities are reported in Versions 4.0 through 4.1.4.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Expand | Severity | Title | Port/Service |
|
|
3
|
SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability | port 4285/tcp over SSL |
In SSLv3.0 and TLSv1.0 implementations, CBC mode is used poorly: all traffic on a connection shares one CBC session with a single set of initial IVs. Each subsequent IV is the result of encrypting the previous block, so the subsequent IVs are available to eavesdroppers. This allows an attacker with the capability to inject arbitrary traffic into the plain-text stream (to be encrypted by the client) to verify their guess of the plain-text preceding the injected block. If the attacker's guess is correct, then the output of the encryption will be the same for two blocks.
For low-entropy data it is possible to guess the plain-text block in relatively few attempts. For example, for data that has 1000 possibilities the number of attempts can be 500.
For more information please see a paper by Gregory V. Bard.
Setting your SSL server to prioritize RC4 ciphers mitigates this vulnerability. Microsoft has posted information including workarounds for IIS at KB2588513.
Using the following SSL configuration in Apache mitigates this vulnerability:
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH
Qualys SSL/TLS Deployment Best Practices can be found here.
| Available non CBC cipher | Server's choice | SSL version |
| RC4-SHA | EDH-RSA-DES-CBC3-SHA | SSLv3 |
| RC4-SHA | EDH-RSA-DES-CBC3-SHA | TLSv1 |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Global User List |
| User Name | Source Vulnerability (QualysID) |
| cas.admin | 45032, 45027, 45031 |
| cas.guest | 90266, 45027, 45031 |
| Expand | Severity | Title | Port/Service |
|
|
2
|
NetBIOS Name Accessible |
| Expand | Severity | Title | Port/Service |
|
|
2
|
SSL Certificate - Signature Verification Failed Vulnerability | port 27599/tcp over SSL |
If a client is unable to verify the certificate, it can abort communication or prompt the user to continue the communication without authentication.
Exception:
If the server communicates only with a restricted set of clients who have the server certificate or the trusted CA certificate, then the server or CA certificate may not be available publicly, and the scan will be unable to verify the signature.
| Expand | Severity | Title | Port/Service |
|
|
2
|
SSL Certificate - Self-Signed Certificate | port 4285/tcp over SSL |
The client can trust that the server certificate belongs to the server only if it is signed by a mutually trusted third-party Certificate Authority (CA). Self-signed certificates are generally created for testing purposes or to avoid paying third-party CAs. These should not be used on any production or critical servers.
By exploiting this vulnerability, an attacker can impersonate the server by presenting a fake self-signed certificate. If the client knows that the server does not have a trusted certificate, it will accept this spoofed certificate and communicate with the remote server.
| Expand | Severity | Title | Port/Service |
|
|
2
|
SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 4285/tcp over SSL |
A certificate whose Subject commonName or subjectAltName does not match the server FQDN offers only encryption without authentication.
Please note that a false positive reporting of this vulnerability is possible in the following case:
| Expand | Severity | Title | Port/Service |
|
|
2
|
SSL Certificate - Signature Verification Failed Vulnerability | port 4285/tcp over SSL |
If a client is unable to verify the certificate, it can abort communication or prompt the user to continue the communication without authentication.
Exception:
If the server communicates only with a restricted set of clients who have the server certificate or the trusted CA certificate, then the server or CA certificate may not be available publicly, and the scan will be unable to verify the signature.
| Expand | Severity | Title | Port/Service |
|
|
2
|
X.509 Certificate MD5 Signature Collision Vulnerability | port 4285/tcp over SSL |
Hash algorithms are used in many cryptographic applications. In particular, they are used in order to sign X.509 certificates used to verify identity in a variety of applications, including SSL communications.
Over time, attacks against the collision property of the MD5 hash algorithm have gradually improved. In particular, it has been possible in recent years to create colliding messages with arbitrary, attacker-specified prefixes and suffixes. Recent improvements have extended these techniques such that it is possible to create colliding messages that are also different yet valid SSL certificates.
An attacker is most likely to exploit this issue to conduct phishing attacks or to impersonate legitimate Web sites by taking advantage of malicious certificates. Other attacks are likely to be possible.
Cisco ASA appliance Workaround -
Instructions on changing the signing hash for Cisco ASA's self signed certificates are available at the Cisco Security Response Web page MD5 Hashes May Allow for Certificate Spoofing.
| NAME | VALUE |
| Certificate | CN=Unknown at level 0 was signed using md5WithRSAEncryption algorithm which is considered weak. |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Detected Compatibility 8.3 Filename Feature |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem
| Expand | Severity | Title | Port/Service |
|
|
2
|
Windows User Accounts With Unchanged Passwords |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Deprecated Public Key Length | port 4285/tcp over SSL |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Registry Setting To Globally Prevent Socket Hijacking Missing |
This issue arises when the first server socket binds to a port (privileged or otherwise) but specifies "INADDR_ANY" or "0.0.0.0" as the IP address to bind on. This allows the server to receive packets arriving on that port on any interface configured with a public IP address. This configuration is typical on a multihomed/multi-NIC machine set up as a server (or when the IP address might change in the future). However, if another rogue socket binds to the same port (using "SO_REUSEADDR") on a more specific IP address (instead of INADDR_ANY) of one of the interfaces, the network stack hands packets arriving on that port to the more specifically bound socket.
As a solution, Microsoft provided the SO_EXCLUSIVEADDRUSE Option, a socket option to be used by sockets before binding, to prevent this issue. However, using the SO_EXCLUSIVEADDRUSE option may not be possible for administrators with server applications coded prior to this solution, or which are closed source binaries that can't be fixed to implement this. This socket option has been provided for all Windows versions starting from Windows NT 4.0 Service Pack 4 and onwards.
The administrator should first confirm that disallowing socket reuse globally does not break the functionality/correctness of existing legitimate servers on the system. If it's safe, the setting described above should be used to apply this security measure.
Please refer to the Microsoft article on SO_EXCLUSIVEADDRUSE before implementing this feature.
| Expand | Severity | Title | Port/Service |
|
|
3
|
Accounts Enumerated From SAM Database Whose Passwords Do Not Expire |
| Expand | Severity | Title | Port/Service |
|
|
3
|
NetBIOS Bindings Information |
| Name | Service | NetBIOS Suffix |
| AD | Domain Name | 0x0 |
| CAS-ENTBKUP1 | Workstation Service | 0x0 |
| CAS-ENTBKUP1 | File Server Service | 0x20 |
| Expand | Severity | Title | Port/Service |
|
|
3
|
NetBIOS Shared Folders |
| Device Name | Comment | Type | Label | Size | Description |
| ADMIN$ | Remote Admin | -2147483648 | OS | 134 GB | Disk (mounted) |
| BackupServer | | 0 | | | |
| C$ | Default share | -2147483648 | | | |
| Citrix PVS Vdisks | | 0 | | | |
| D$ | Default share | -2147483648 | | | |
| E$ | Default share | -2147483648 | | | |
| F$ | Default share | -2147483648 | | | |
| IPC$ | Remote IPC | -2147483645 | | | |
| svag | | 0 | | | |
| Expand | Severity | Title | Port/Service |
|
|
3
|
Microsoft Windows Socket Parameters, TCP/IP Hardening Guidelines |
You can configure four parameters for the dynamic backlog:
EnableDynamicBacklog: Switches between using a static backlog and a dynamic backlog. By default, this parameter is set to 0, which enables the static backlog. You should enable the dynamic backlog for better security on Winsock.
MinimumDynamicBacklog: Controls the minimum number of free connections allowed on a listening Winsock endpoint. If the number of free connections drops below this value, a thread is queued to create additional free connections. Making this value too large (setting it to a number greater than 100) will degrade the performance of the computer.
MaximumDynamicBacklog: Controls the maximum number of half-open and free connections to Winsock endpoints. If this value is reached, no additional free connections will be made.
DynamicBacklogGrowthDelta: Controls the number of Winsock endpoints in each allocation pool requested by the computer. Setting this value too high can cause system resources to be unnecessarily occupied.
Each of these values must be added to this registry key:
HKLM\System\CurrentControlSet\Services\AFD\Parameters
The recommended levels of protection for these parameters are indicated below.
DynamicBacklogGrowthDelta: 10
EnableDynamicBacklog: 1
MinimumDynamicBacklog: 20
MaximumDynamicBacklog: 20,000
Refer to the Microsoft Security Topics document called Hardening Systems and Servers: Checklists and Guides for a detailed description of these parameters and other impacts these might have before deploying these settings.
| EnableDynamicBacklog | Recommended: | 1 | Actual: | Missing |
| MinimumDynamicBacklog | Recommended: | 20 | Actual: | Missing |
| MaximumDynamicBacklog | Recommended: | 20,000 | Actual: | Missing |
| DynamicBacklogGrowthDelta | Recommended: | 10 | Actual: | Missing |
| Expand | Severity | Title | Port/Service |
|
|
3
|
Microsoft Windows TCP Parameters, TCP/IP Hardening Guidelines |
To help prevent denial of service attacks, you can harden the TCP/IP protocol stack on Windows 2000/2003 and Windows XP computers. You should harden the TCP/IP stack against denial of service attacks, even on internal networks, to prevent denial of service attacks that originate from inside the network as well as on computers attached to public networks.
You can harden the TCP/IP stack on a Windows 2000/2003 or Windows XP computer by customizing these registry values, which are stored in the registry key:
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\
DisableIPSourceRouting: Determines whether a computer allows clients to predetermine the route that packets take to their destination. When this value is set to 2, the computer will disable source routing for IP packets.
NoNameReleaseOnDemand: Determines whether the computer will release its NetBIOS name if requested by another computer or a malicious packet attempting to hijack the computer's NetBIOS name. This is configured under HKLM\System\CurrentControlSet\Services\Netbt\Parameters
PerformRouterDiscovery: Determines whether the computer performs router discovery on this interface. Router discovery solicits router information from the network and adds the information retrieved to the route table. Setting this value to 0 will prevent the interface from performing router discovery.
EnableDeadGWDetect: Determines whether the computer will attempt to detect dead gateways. When dead gateway detection is enabled (by setting this value to 1), TCP might ask IP to change to a backup gateway if a number of connections are experiencing difficulty. Backup gateways are defined in the TCP/IP configuration dialog box in the Network Control Panel for each adapter. When you leave this setting enabled, it's possible for an attacker to redirect the server to a gateway of his choosing.
EnableICMPRedirect: When ICMP redirects are disabled (by setting the value to 0), attackers cannot carry out attacks that require a host to redirect the ICMP-based attack to a third party.
SynAttackProtect: Enables SYN flood protection in Windows 2000 and Windows XP. You can set this value to 0, 1, or 2. The default setting 0 provides no protection. Setting the value to 1 will activate SYN/ACK protection contained in the TCPMaxPortsExhausted, TCPMaxHalfOpen, and TCPMaxHalfOpenRetried values. Setting the value to 2 will protect against SYN/ACK attacks by more aggressively timing out open and half-open connections. For Windows 2003, the recommended value is 1.
TCPMaxConnectResponseRetransmissions: Determines how many times TCP retransmits an unanswered SYN/ACK message. TCP retransmits acknowledgments until the number of retransmissions specified by this value is reached.
TCPMaxHalfOpen: Determines how many connections the server can maintain in the half-open state before TCP/IP initiates SYN flooding attack protection. This entry is used only when SYN flooding attack protection is enabled on this server, that is, when the value of the SynAttackProtect entry is 1 or 2 and the value of the TCPMaxConnectResponseRetransmissions entry is at least 2.
TCPMaxHalfOpenRetried: Determines how many connections the server can maintain in the half-open state even after a connection request has been retransmitted. If the number of connections exceeds the value of this entry, TCP/IP initiates SYN flooding attack protection. This entry is used only when SYN flooding attack protection is enabled on this server, that is, when the value of the SynAttackProtect entry is 1 and the value of the TCPMaxConnectResponseRetransmissions entry is at least 2.
Refer to the Microsoft Security Topics document called Hardening Systems and Servers: Checklists and Guides for a detailed description of these parameters and other impacts these might have before deploying these settings.
| EnableICMPRedirect | Recommended: | 0 | Actual: | 0 |
| SynAttackProtect | Recommended: | 2 | Actual: | 1 |
| TCPMaxConnectResponseRetransmissions | Recommended: | 2 | Actual: | 2 |
| TCPMaxHalfOpen | Recommended: | 500 | Actual: | Missing |
| TCPMaxHalfOpenRetried | Recommended: | 400 | Actual: | Missing |
| TCPMaxPortsExhausted | Recommended: | 5 | Actual: | Missing |
| TCPMaxDataRetransmissions | Recommended: | 3 | Actual: | 3 |
| EnableDeadGWDetect | Recommended: | 0 | Actual: | 0 |
| EnablePMTUDiscovery | Recommended: | 0 | Actual: | Missing |
| DisableIPSourceRouting | Recommended: | 2 | Actual: | 2 |
| NoNameReleaseOnDemand | Recommended: | 1 | Actual: | 1 |
| PerformRouterDiscovery | Recommended: | 0 | Actual: | 0 |
| Expand | Severity | Title | Port/Service |
|
|
3
|
Hotfix KB2264107 (DLL hijacking) Installed |
Refer to Microsoft KB article 2264107 to obtain additional details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
KB2264107: Windows XP 32 bit Edition
KB2264107: Windows XP 64 bit Edition
KB2264107: Windows Server 2003 - 32 bit
KB2264107: Windows Server 2003 - 64 bit
KB2264107: Windows Vista - 32 bit
KB2264107: Windows Vista - 64 bit
KB2264107: Windows 2008-32 bit
KB2264107: Windows 2008-64 Bit
KB2264107: Windows Server 2008 R2 for Itanium-based Systems
KB2264107: Windows Server 2008 R2 for x64-based Systems
| Expand | Severity | Title | Port/Service |
|
|
3
|
SAMR Pipe Permissions Enumerated |
| Expand | Severity | Title | Port/Service |
|
|
3
|
Antivirus Product Detected on Windows Host |
AVG Antivirus
CA eTrust Antivirus
F-Secure Antivirus
Kaspersky Antivirus
McAfee Antivirus
Network Associates Antivirus
Sophos Antivirus Scanner
Symantec Norton Antivirus Corporate Edition
Symantec Norton Antivirus Personal Edition
Symantec Endpoint Protection
TrendMicro Antivirus
ESET Antivirus Scanner
Microsoft Windows Defender
Clam Antivirus
| Expand | Severity | Title | Port/Service |
|
|
2
|
Operating System Detected |
1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating system TCP/IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this "fingerprinting" technique, the OS version is among those listed below.
Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the version of the operating system detected may be that for the firewall instead of for the host being scanned.
2) NetBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. NetBIOS relies on a message format called Server Message Block (SMB).
3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTML-embedded scripting language used to create dynamic Web pages. Under some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information.
4) SNMP: The Simple Network Monitoring Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service maintains a Management Information Base (MIB), a set of variables (database) that can be fetched by Managers. These include "MIB_II.system.sysDescr" for the operating system.
| Operating System | Technique | ID |
| Windows Server 2008 R2 Enterprise 64 bit Edition Service Pack 1 | Windows Registry | |
| Windows 2008/7 | NTLMSSP | |
| Windows Vista / Windows 2008 / Windows 7 / Windows 2012 | TCP/IP Fingerprint | U3414:135 |
| Windows Server 2008 R2 Enterprise 7601 Service Pack 1/Windows Server 2008 R2 Enterprise 6.1 | CIFS via TCP Port 445 | |
| cpe:/o:microsoft:windows server 2008:r2:sp1:enterprise x64: | CPE | |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Windows Effective Password Policy Information Gathering Via SAM Database |
Minimum Password Age in Days
Maximum Password Age in Days
Minimum Password Length in Characters
Password History (Number of old passwords remembered)
The policy is the effective policy, which is a combination of the local policy settings (if any) and the domain-wide policy settings made on the Domain Controller(s) for the domain.
This probe requires authentication to be successful.
| Expand | Severity | Title | Port/Service |
|
|
2
|
Windows Domain Effective Account Lockout Policy Information Gathered Via SAM Database |
It should be noted that if the Domain Controller/Active Directory on this domain enforces a policy as well, the Domain Controller policy will override the local policies (if any) of each host. Further, it takes up to a couple of minutes for changes on the Domain Controller policy to be propagated to all the individual hosts on that domain.
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft .Net Framework Installed on Target Host |
Microsoft .NET Framework is installed on target host.
| .Net Framework | Version | Service Pack | Key |
| .Net Framework 2.0 x64 | 2.0.50727.5420 | 2 | HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727 |
| .Net Framework 4.x Client Installation x64 | 4.0.30319 | - | HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client |
| .Net Framework 4.x Full Installation x64 | 4.0.30319 | - | HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full |
| .Net Framework 2.0 x86 | 2.0.50727.5420 | 2 | HKLM\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v2.0.50727 |
| .Net Framework 4.x Client Installation x86 | 4.0.30319 | - | HKLM\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Client |
| .Net Framework 4.x Full Installation x86 | 4.0.30319 | - | HKLM\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Open DCE-RPC / MS-RPC Services List |
| Description | Version | TCP Ports | UDP Ports | HTTP Ports | NetBIOS/CIFS Pipes |
| DCE Endpoint Mapper | 3.0 | | | | \PIPE\epmapper |
| DCE Remote Management | 1.0 | | | | \PIPE\epmapper |
| DCOM OXID Resolver | 0.0 | | | | \PIPE\epmapper |
| DCOM Remote Activation | 0.0 | | | | \PIPE\epmapper |
| DCOM System Activator | 0.0 | | | | \PIPE\epmapper |
| Microsoft Event Log Service | 0.0 | | | | \PIPE\eventlog |
| Microsoft Local Security Architecture | 0.0 | | | | \PIPE\lsarpc |
| Microsoft Network Logon | 1.0 | | | | \PIPE\NETLOGON |
| Microsoft Registry | 1.0 | | | | \PIPE\winreg |
| Microsoft Scheduler Control Service | 1.0 | | | | \PIPE\atsvc |
| Microsoft Security Account Manager | 1.0 | 49174 | | | \PIPE\samr, \pipe\lsass |
| Microsoft Server Service | 3.0 | | | | \PIPE\srvsvc |
| Microsoft Service Control Service | 2.0 | 50273 | | | \PIPE\svcctl |
| Microsoft Task Scheduler | 1.0 | | | | \PIPE\atsvc |
| Microsoft Workstation Service | 1.0 | | | | \PIPE\wkssvc |
| WinHttp Auto-Proxy Service | 5.1 | | | | \PIPE\W32TIME_ALT |
| RPC ROUTER SERVICE | 1.0 | | | | \PIPE\ROUTER |
| (Unknown Service) | 1.0 | 49152 | | | \PIPE\InitShutdown |
| (Unknown Service) | 1.0 | | | | \PIPE\InitShutdown |
| DHCP Client LRPC Endpoint | 1.0 | 49153 | | | \pipe\eventlog |
| DHCPv6 Client LRPC Endpoint | 1.0 | 49153 | | | \pipe\eventlog |
| NRP server endpoint | 1.0 | 49153 | | | \pipe\eventlog |
| Event log TCPIP | 1.0 | 49153 | | | \pipe\eventlog |
| (Unknown Service) | 1.0 | 49154 | | | \PIPE\srvsvc, \PIPE\ROUTER, \PIPE\atsvc |
| Impl friendly name | 1.0 | 49154 | | | \PIPE\srvsvc, \PIPE\ROUTER, \PIPE\atsvc |
| XactSrv service | 1.0 | 49154 | | | \PIPE\ROUTER, \PIPE\atsvc |
| IP Transition Configuration endpoint | 1.0 | 49154 | | | \PIPE\atsvc |
| IKE/Authip API | 1.0 | 49154 | | | \PIPE\atsvc |
| (Unknown Service) | 1.0 | 49154 | | | \PIPE\atsvc |
| Unimodem LRPC Endpoint | 1.0 | | | | \pipe\tapsrv |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Host Uptime Based on TCP TimeStamp Option |
Some operating systems (e.g., MacOS, OpenBSD) use a non-zero, probably random, initial value for the timestamp. For these operating systems, the uptime obtained does not reflect the actual uptime of the host; the former is always larger than the latter.
| Expand | Severity | Title | Port/Service |
|
|
2
|
Installed Applications Enumerated From Windows Installer |
| Key | Display Name | Display Version |
| Microsoft .NET Framework 4 Client Profile | Microsoft .NET Framework 4 Client Profile | 4.0.30319 |
| Microsoft .NET Framework 4 Extended | Microsoft .NET Framework 4 Extended | 4.0.30319 |
| {18E893B6-28F0-495B-8448-AC40F4496728} | Broadcom Management Programs | 12.62.07 |
| {23170F69-40C1-2702-0920-000001000000} | 7-Zip 9.20 (x64 edition) | 9.20.00.0 |
| {73CA0462-DD49-495D-A6E5-AC4CF6F5FAC1} | Symantec Endpoint Protection | 11.0.6100.645 |
| {82a8e181-8f32-4635-b26d-1f0eb64b97a8} | Splunk | 107.2.16834 |
| {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} | Microsoft Silverlight | 5.1.20125.0 |
| {8E34682C-8118-31F1-BC4C-98CD9675E1C2} | Microsoft .NET Framework 4 Extended | 4.0.30319 |
| {EAF846FB-AEA4-49AC-94DA-7333EA4B846C} | Broadcom NetXtreme II Driver Installer | 12.54.06 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} | Microsoft .NET Framework 4 Client Profile | 4.0.30319 |
| Key | Display Name | Display Version |
| InstallShield_{921738A4-E6C2-45C8-80AF-4B7A228E3AD4} | MegaRAID Storage Manager v9.00.0100 | 9.00.0100 |
| LiveUpdate | LiveUpdate 3.3 (Symantec Corporation) | 3.3.0.96 |
| {1CD3B8BB-3057-4B8E-AFDB-D99F8547B02D} | CrashPlan PRO Server | 1.09.1019 |
| {710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | Microsoft Visual C++ 2005 Redistributable | 8.0.61001 |
| {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2416472 | Security Update for Microsoft .NET Framework 4 Extended (KB2416472) | 1 |
| {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871 | Update for Microsoft .NET Framework 4 Extended (KB2468871) | 1 |
| {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2487367 | Security Update for Microsoft .NET Framework 4 Extended (KB2487367) | 1 |
| {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523 | Update for Microsoft .NET Framework 4 Extended (KB2533523) | 1 |
| {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217 | Update for Microsoft .NET Framework 4 Extended (KB2600217) | 1 |
| {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2656351 | Security Update for Microsoft .NET Framework 4 Extended (KB2656351) | 1 |
| {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2736428 | Security Update for Microsoft .NET Framework 4 Extended (KB2736428) | 1 |
| {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2742595 | Security Update for Microsoft .NET Framework 4 Extended (KB2742595) | 1 |
| {921738A4-E6C2-45C8-80AF-4B7A228E3AD4} | MegaRAID Storage Manager v9.00.0100 | 9.00.0100 |
| {C06DA922-6C85-43A2-993F-744F399BF7D4} | Dell System E-support Tool | 2.1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871 | Update for Microsoft .NET Framework 4 Client Profile (KB2468871) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228 | Update for Microsoft .NET Framework 4 Client Profile (KB2473228) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523 | Update for Microsoft .NET Framework 4 Client Profile (KB2533523) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572078 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217 | Update for Microsoft .NET Framework 4 Client Profile (KB2600217) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2633870 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368v2 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) | 2 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2686827 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2729449 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2736428 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2737019 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2742595 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) | 1 |
| {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2789642 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) | 1 |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Real Name of Built-in Guest Account Enumerated |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Assign Primary Token Privilege |
| Network_Service |
| Local_Service |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Audit Privilege |
| Network_Service |
| Local_Service |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Backup Files and Directories |
| Backup_Operators |
| Administrators |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Change Notify |
| Backup_Operators |
| Administrators |
| Network_Service |
| Local_Service |
| Authenticated_Users |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Create Global Objects |
| Service_Logon |
| Administrators |
| Network_Service |
| Local_Service |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Create Page File |
| Administrators |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Impersonate |
| Service_Logon |
| Administrators |
| Network_Service |
| Local_Service |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Increase Base Priority |
| Administrators |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Increase Quota |
| Administrators |
| Network_Service |
| Local_Service |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Load Drivers |
| Administrators |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Profile Single Process |
| Administrators |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Remote Shutdown |
| Administrators |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Restore |
| Backup_Operators |
| Administrators |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Change Security Attributes |
| Administrators |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Shutdown |
| Backup_Operators |
| Administrators |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Manage Volumes |
| Administrators |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privileges - Profile System |
| Administrators |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privileges - Modify System Time |
| Administrators |
| Local_Service |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privileges - Take Object Ownership |
| Administrators |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Privilege - Undock Privilege |
| Administrators |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Rights - Logon as a Batch |
| Performance_Log_Users |
| Backup_Operators |
| Administrators |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Rights - Interactive Logon |
| Administrators |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Rights - Network Logon |
| Administrators |
| Authenticated_Users |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Rights - Logon as a Service |
| ALL SERVICES |
| BUILTIN |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Rights Denied - Logon as a Batch |
| Guests |
| Domain_Admins_Group |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Rights Denied - Interactive Logon |
| Guests |
| Domain_Admins_Group |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Rights Denied - Network Logon |
| Guests |
| Domain_Admins_Group |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Users With Rights Denied - Logon as a Service |
| Guests |
| Domain_Admins_Group |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Windows Auto Reboot After Blue Screen Not Disabled |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Win32 Services Security Analysis |
| Name | Access | ACL1 | ACL2 | ACL3 |
| BFE | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| BFE | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| BFE | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| BFE | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| BFE | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| BFE | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| BFE | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| BFE | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| BFE | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| BFE | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| BFE | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| BITS | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac |
| BITS | Access Allowed for Local System | standard-delete | query-service-config | change-service-config |
| BITS | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service |
| BITS | Access Allowed for Local System | stop-service | pause-continue-service | - |
| BITS | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| BITS | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| BITS | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| BITS | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| BITS | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| BITS | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| BITS | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| BITS | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| ccEvtMgr | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| ccEvtMgr | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| ccEvtMgr | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| ccEvtMgr | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| ccEvtMgr | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| ccEvtMgr | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| ccEvtMgr | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| ccEvtMgr | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| ccEvtMgr | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| ccEvtMgr | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| ccEvtMgr | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| ccSetMgr | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| ccSetMgr | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| ccSetMgr | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| ccSetMgr | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| ccSetMgr | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| ccSetMgr | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| ccSetMgr | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| ccSetMgr | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| ccSetMgr | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| ccSetMgr | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| ccSetMgr | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| CertPropSvc | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac |
| CertPropSvc | Access Allowed for Local System | standard-delete | query-service-config | change-service-config |
| CertPropSvc | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service |
| CertPropSvc | Access Allowed for Local System | stop-service | pause-continue-service | - |
| CertPropSvc | Access Allowed for Administrators | standard-read | query-service-config | change-service-config |
| CertPropSvc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| CertPropSvc | Access Allowed for Administrators | stop-service | pause-continue-service | nterrogate-service |
| CertPropSvc | Access Allowed for Administrators | service-user-defined-control | - | - |
| CertPropSvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| CertPropSvc | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| CertPropSvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| CertPropSvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| CertPropSvc | Access Allowed for S-1-5-80-446051430-1559341753-4161941529-1950928533-810483104 | start-service | stop-service | - |
| CrashPlanPROServer | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| CrashPlanPROServer | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| CrashPlanPROServer | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| CrashPlanPROServer | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| CrashPlanPROServer | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| CrashPlanPROServer | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| CrashPlanPROServer | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| CrashPlanPROServer | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| CrashPlanPROServer | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| CrashPlanPROServer | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| CrashPlanPROServer | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| CryptSvc | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| CryptSvc | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| CryptSvc | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| CryptSvc | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| CryptSvc | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| CryptSvc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| CryptSvc | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| CryptSvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| CryptSvc | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| CryptSvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| CryptSvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| DcomLaunch | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status |
| DcomLaunch | Access Allowed for Authenticated Users | nterrogate-service | - | - |
| DcomLaunch | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac |
| DcomLaunch | Access Allowed for Local System | query-service-config | change-service-config | query-service-status |
| DcomLaunch | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| DcomLaunch | Access Allowed for Local System | pause-continue-service | nterrogate-service | - |
| DcomLaunch | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| DcomLaunch | Access Allowed for Administrators | query-service-config | query-service-status | enumerate-service-dependents |
| DcomLaunch | Access Allowed for Administrators | start-service | stop-service | pause-continue-service |
| DcomLaunch | Access Allowed for Administrators | nterrogate-service | - | - |
| DcomLaunch | Access Allowed for Users | query-service-config | query-service-status | nterrogate-service |
| Dhcp | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status |
| Dhcp | Access Allowed for Authenticated Users | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Dhcp | Access Allowed for Network Configuration Operators | standard-read | query-service-config | query-service-status |
| Dhcp | Access Allowed for Network Configuration Operators | enumerate-service-dependents | start-service | stop-service |
| Dhcp | Access Allowed for Network Configuration Operators | pause-continue-service | nterrogate-service | service-user-defined-control |
| Dhcp | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| Dhcp | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| Dhcp | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| Dhcp | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| Dhcp | Access Allowed for Local | standard-read | query-service-config | query-service-status |
| Dhcp | Access Allowed for Local | enumerate-service-dependents | start-service | nterrogate-service |
| Dhcp | Access Allowed for Local | service-user-defined-control | - | - |
| Dhcp | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| Dhcp | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| Dhcp | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| Dnscache | Access Allowed for Users | standard-read | query-service-config | query-service-status |
| Dnscache | Access Allowed for Users | enumerate-service-dependents | start-service | nterrogate-service |
| Dnscache | Access Allowed for Users | service-user-defined-control | - | - |
| Dnscache | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| Dnscache | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| Dnscache | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| Dnscache | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| Dnscache | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| Dnscache | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| Dnscache | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| Dnscache | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| Dnscache | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Dnscache | Access Allowed for Network Service | standard-read | query-service-config | query-service-status |
| Dnscache | Access Allowed for Network Service | enumerate-service-dependents | nterrogate-service | - |
| Dnscache | Access Allowed for Local Service | standard-read | query-service-config | query-service-status |
| Dnscache | Access Allowed for Local Service | enumerate-service-dependents | nterrogate-service | - |
| Dnscache | Access Allowed for Network Configuration Operators | standard-read | query-service-config | query-service-status |
| Dnscache | Access Allowed for Network Configuration Operators | enumerate-service-dependents | pause-continue-service | nterrogate-service |
| Dnscache | Access Allowed for S-1-5-80-2940520708-3855866260-481812779-327648279-1710889582 | standard-read | query-service-config | query-service-status |
| Dnscache | Access Allowed for S-1-5-80-2940520708-3855866260-481812779-327648279-1710889582 | enumerate-service-dependents | pause-continue-service | nterrogate-service |
| Dnscache | Access Allowed for S-1-5-80-2940520708-3855866260-481812779-327648279-1710889582 | service-user-defined-control | - | - |
| DPS | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac |
| DPS | Access Allowed for Local System | standard-delete | query-service-config | change-service-config |
| DPS | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service |
| DPS | Access Allowed for Local System | stop-service | pause-continue-service | - |
| DPS | Access Allowed for Administrators | standard-read | query-service-config | change-service-config |
| DPS | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| DPS | Access Allowed for Administrators | stop-service | pause-continue-service | nterrogate-service |
| DPS | Access Allowed for Administrators | service-user-defined-control | - | - |
| DPS | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| DPS | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| DPS | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| DPS | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| eventlog | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status |
| eventlog | Access Allowed for Authenticated Users | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| eventlog | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| eventlog | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| eventlog | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| eventlog | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| eventlog | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| eventlog | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| eventlog | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| EventSystem | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| EventSystem | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| EventSystem | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| EventSystem | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| EventSystem | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| EventSystem | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| EventSystem | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| EventSystem | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| EventSystem | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| EventSystem | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| EventSystem | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| FontCache | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| FontCache | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| FontCache | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| FontCache | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| FontCache | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| FontCache | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| FontCache | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| FontCache | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| FontCache | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| FontCache | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| FontCache | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| FontCache | Access Allowed for Interactive Logon | start-service | - | - |
| FontCache | Access Allowed for Service Logon | start-service | - | - |
| FontCache | Access Allowed for S-1-15-2-1 | standard-read | query-service-config | query-service-status |
| FontCache | Access Allowed for S-1-15-2-1 | enumerate-service-dependents | start-service | nterrogate-service |
| FontCache | Access Allowed for S-1-15-2-1 | service-user-defined-control | - | - |
| gpsvc | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac |
| gpsvc | Access Allowed for Local System | standard-delete | query-service-config | change-service-config |
| gpsvc | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service |
| gpsvc | Access Allowed for Local System | stop-service | pause-continue-service | - |
| gpsvc | Access Allowed for Administrators | standard-read | query-service-config | query-service-status |
| gpsvc | Access Allowed for Administrators | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| gpsvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| gpsvc | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| gpsvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| gpsvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| IKEEXT | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| IKEEXT | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| IKEEXT | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| IKEEXT | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| IKEEXT | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| IKEEXT | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| IKEEXT | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| IKEEXT | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| IKEEXT | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| IKEEXT | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| IKEEXT | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| iphlpsvc | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| iphlpsvc | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| iphlpsvc | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| iphlpsvc | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| iphlpsvc | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| iphlpsvc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| iphlpsvc | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| iphlpsvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| iphlpsvc | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| iphlpsvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| iphlpsvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| LanmanServer | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| LanmanServer | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| LanmanServer | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| LanmanServer | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| LanmanServer | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| LanmanServer | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| LanmanServer | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| LanmanServer | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| LanmanServer | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| LanmanServer | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| LanmanServer | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| LanmanWorkstation | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| LanmanWorkstation | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| LanmanWorkstation | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| LanmanWorkstation | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| LanmanWorkstation | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| LanmanWorkstation | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| LanmanWorkstation | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| LanmanWorkstation | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| LanmanWorkstation | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| LanmanWorkstation | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| LanmanWorkstation | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| lmhosts | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| lmhosts | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| lmhosts | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| lmhosts | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| lmhosts | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| lmhosts | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| lmhosts | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| lmhosts | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| lmhosts | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| lmhosts | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| lmhosts | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| MegaMonitorSrv | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| MegaMonitorSrv | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| MegaMonitorSrv | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| MegaMonitorSrv | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| MegaMonitorSrv | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| MegaMonitorSrv | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| MegaMonitorSrv | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| MegaMonitorSrv | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| MegaMonitorSrv | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| MegaMonitorSrv | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| MegaMonitorSrv | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| MpsSvc | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| MpsSvc | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| MpsSvc | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| MpsSvc | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| MpsSvc | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| MpsSvc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| MpsSvc | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| MpsSvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| MpsSvc | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| MpsSvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| MpsSvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| MpsSvc | Access Allowed for S-1-5-80-2006800713-1441093265-249754844-3404434343-1444102779 | query-service-config | query-service-status | start-service |
| MSDTC | Access Allowed for Local | standard-read | query-service-config | query-service-status |
| MSDTC | Access Allowed for Local | enumerate-service-dependents | start-service | nterrogate-service |
| MSDTC | Access Allowed for Local System | standard-read | query-service-config | change-service-config |
| MSDTC | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service |
| MSDTC | Access Allowed for Local System | stop-service | pause-continue-service | nterrogate-service |
| MSDTC | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| MSDTC | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| MSDTC | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| MSDTC | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| MSDTC | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| MSDTC | Access Allowed for Interactive Logon | enumerate-service-dependents | start-service | nterrogate-service |
| MSDTC | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status |
| MSDTC | Access Allowed for Authenticated Users | enumerate-service-dependents | nterrogate-service | - |
| MSDTC | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| MSDTC | Access Allowed for Service Logon | enumerate-service-dependents | start-service | nterrogate-service |
| MSDTC | Access Allowed for S-1-5-80-3960419045-2460139048-4046793004-1809597027-2250574426 | standard-read | query-service-config | query-service-status |
| MSDTC | Access Allowed for S-1-5-80-3960419045-2460139048-4046793004-1809597027-2250574426 | enumerate-service-dependents | nterrogate-service | - |
| MSMFramework | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| MSMFramework | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| MSMFramework | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| MSMFramework | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| MSMFramework | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| MSMFramework | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| MSMFramework | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| MSMFramework | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| MSMFramework | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| MSMFramework | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| MSMFramework | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Netlogon | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| Netlogon | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| Netlogon | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| Netlogon | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| Netlogon | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| Netlogon | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| Netlogon | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| Netlogon | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| Netlogon | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Netlogon | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| Netlogon | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Netman | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| Netman | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| Netman | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| Netman | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| Netman | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| Netman | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| Netman | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| Netman | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| Netman | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Netman | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| Netman | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| netprofm | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| netprofm | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| netprofm | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| netprofm | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| netprofm | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| netprofm | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| netprofm | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| netprofm | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| netprofm | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| netprofm | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| netprofm | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| NlaSvc | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| NlaSvc | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| NlaSvc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| NlaSvc | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| NlaSvc | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac |
| NlaSvc | Access Allowed for Local System | standard-delete | query-service-config | change-service-config |
| NlaSvc | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service |
| NlaSvc | Access Allowed for Local System | stop-service | pause-continue-service | - |
| NlaSvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| NlaSvc | Access Allowed for Interactive Logon | enumerate-service-dependents | start-service | nterrogate-service |
| NlaSvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| NlaSvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| NlaSvc | Access Allowed for S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453 | standard-read | query-service-config | query-service-status |
| NlaSvc | Access Allowed for S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453 | enumerate-service-dependents | start-service | - |
| nsi | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| nsi | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| nsi | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| nsi | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| nsi | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| nsi | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| nsi | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| nsi | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| nsi | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| nsi | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| nsi | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| PlugPlay | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| PlugPlay | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| PlugPlay | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| PlugPlay | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| PlugPlay | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| PlugPlay | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| PlugPlay | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| PlugPlay | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| PlugPlay | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| PlugPlay | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| PlugPlay | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| PolicyAgent | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| PolicyAgent | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| PolicyAgent | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| PolicyAgent | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| PolicyAgent | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| PolicyAgent | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| PolicyAgent | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| PolicyAgent | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| PolicyAgent | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| PolicyAgent | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| PolicyAgent | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Power | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| Power | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| Power | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| Power | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| Power | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| Power | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| Power | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| Power | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| Power | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Power | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| Power | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| ProfSvc | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| ProfSvc | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| ProfSvc | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| ProfSvc | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| ProfSvc | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| ProfSvc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| ProfSvc | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| ProfSvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| ProfSvc | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| ProfSvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| ProfSvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| RasMan | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status |
| RasMan | Access Allowed for Authenticated Users | enumerate-service-dependents | start-service | nterrogate-service |
| RasMan | Access Allowed for Authenticated Users | service-user-defined-control | - | - |
| RasMan | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| RasMan | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| RasMan | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| RasMan | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| RemoteRegistry | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| RemoteRegistry | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| RemoteRegistry | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| RemoteRegistry | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| RemoteRegistry | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| RemoteRegistry | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| RemoteRegistry | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| RemoteRegistry | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| RemoteRegistry | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| RemoteRegistry | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| RemoteRegistry | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| RpcEptMapper | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status |
| RpcEptMapper | Access Allowed for Authenticated Users | nterrogate-service | - | - |
| RpcEptMapper | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac |
| RpcEptMapper | Access Allowed for Local System | query-service-config | change-service-config | query-service-status |
| RpcEptMapper | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| RpcEptMapper | Access Allowed for Local System | pause-continue-service | nterrogate-service | - |
| RpcEptMapper | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| RpcEptMapper | Access Allowed for Administrators | query-service-config | query-service-status | enumerate-service-dependents |
| RpcEptMapper | Access Allowed for Administrators | start-service | stop-service | pause-continue-service |
| RpcEptMapper | Access Allowed for Administrators | nterrogate-service | - | - |
| RpcEptMapper | Access Allowed for Users | query-service-config | query-service-status | start-service |
| RpcEptMapper | Access Allowed for Users | nterrogate-service | - | - |
| RpcSs | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status |
| RpcSs | Access Allowed for Authenticated Users | nterrogate-service | - | - |
| RpcSs | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac |
| RpcSs | Access Allowed for Local System | query-service-config | change-service-config | query-service-status |
| RpcSs | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| RpcSs | Access Allowed for Local System | pause-continue-service | nterrogate-service | - |
| RpcSs | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| RpcSs | Access Allowed for Administrators | query-service-config | query-service-status | enumerate-service-dependents |
| RpcSs | Access Allowed for Administrators | start-service | stop-service | pause-continue-service |
| RpcSs | Access Allowed for Administrators | nterrogate-service | - | - |
| RpcSs | Access Allowed for Users | query-service-config | query-service-status | nterrogate-service |
| RSoPProv | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| RSoPProv | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| RSoPProv | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| RSoPProv | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| RSoPProv | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| RSoPProv | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| RSoPProv | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| RSoPProv | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status |
| RSoPProv | Access Allowed for Authenticated Users | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| RSoPProv | Access Allowed for System Operators | standard-read | standard-write-owner | standard-write-dac |
| RSoPProv | Access Allowed for System Operators | standard-delete | query-service-config | change-service-config |
| RSoPProv | Access Allowed for System Operators | query-service-status | enumerate-service-dependents | start-service |
| RSoPProv | Access Allowed for System Operators | stop-service | pause-continue-service | - |
| SamSs | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status |
| SamSs | Access Allowed for Authenticated Users | enumerate-service-dependents | nterrogate-service | - |
| SamSs | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| SamSs | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| SamSs | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| SamSs | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| SamSs | Access Allowed for Interactive Logon | query-service-config | query-service-status | enumerate-service-dependents |
| SamSs | Access Allowed for Interactive Logon | nterrogate-service | - | - |
| SamSs | Access Allowed for Users | query-service-config | query-service-status | enumerate-service-dependents |
| SamSs | Access Allowed for Users | nterrogate-service | - | - |
| Schedule | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status |
| Schedule | Access Allowed for Authenticated Users | enumerate-service-dependents | nterrogate-service | - |
| Schedule | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| Schedule | Access Allowed for Administrators | query-service-config | query-service-status | enumerate-service-dependents |
| Schedule | Access Allowed for Administrators | start-service | pause-continue-service | nterrogate-service |
| Schedule | Access Allowed for Administrators | service-user-defined-control | - | - |
| Schedule | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac |
| Schedule | Access Allowed for Local System | standard-delete | query-service-config | change-service-config |
| Schedule | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service |
| Schedule | Access Allowed for Local System | stop-service | pause-continue-service | - |
| Schedule | Access Allowed for Users | standard-read | query-service-config | query-service-status |
| Schedule | Access Allowed for Users | enumerate-service-dependents | nterrogate-service | - |
| SENS | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status |
| SENS | Access Allowed for Authenticated Users | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| SENS | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| SENS | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| SENS | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| SENS | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| SENS | Access Allowed for System Operators | standard-read | standard-write-owner | standard-write-dac |
| SENS | Access Allowed for System Operators | standard-delete | query-service-config | change-service-config |
| SENS | Access Allowed for System Operators | query-service-status | enumerate-service-dependents | start-service |
| SENS | Access Allowed for System Operators | stop-service | pause-continue-service | - |
| SENS | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| SENS | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| SENS | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| SessionEnv | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| SessionEnv | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| SessionEnv | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| SessionEnv | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| SessionEnv | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| SessionEnv | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| SessionEnv | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| SessionEnv | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| SessionEnv | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| SessionEnv | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| SessionEnv | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| SessionEnv | Access Allowed for S-1-5-80-446051430-1559341753-4161941529-1950928533-810483104 | start-service | stop-service | - |
| SmcService | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| SmcService | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| SmcService | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| SmcService | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| SmcService | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| SmcService | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| SmcService | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| SmcService | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| SmcService | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| SmcService | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| SmcService | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Splunkd | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| Splunkd | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| Splunkd | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| Splunkd | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| Splunkd | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| Splunkd | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| Splunkd | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| Splunkd | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
Results were truncated.

| Severity | Title | Port/Service |
| 2 | Microsoft Windows Driver Security Analysis | |

| Name | Access | ACL1 | ACL2 | ACL3 |
| ACPI | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| ACPI | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| ACPI | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| ACPI | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| ACPI | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| ACPI | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| ACPI | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| ACPI | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| ACPI | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| ACPI | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| ACPI | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| AcpiPmi | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| AcpiPmi | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| AcpiPmi | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| AcpiPmi | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| AcpiPmi | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| AcpiPmi | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| AcpiPmi | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| AcpiPmi | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| AcpiPmi | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| AcpiPmi | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| AcpiPmi | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| AFD | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| AFD | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| AFD | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| AFD | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| AFD | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| AFD | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| AFD | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| AFD | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| AFD | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| AFD | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| AFD | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| amdxata | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| amdxata | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| amdxata | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| amdxata | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| amdxata | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| amdxata | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| amdxata | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| amdxata | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| amdxata | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| amdxata | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| amdxata | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| AsyncMac | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| AsyncMac | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| AsyncMac | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| AsyncMac | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| AsyncMac | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| AsyncMac | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| AsyncMac | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| AsyncMac | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| AsyncMac | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| AsyncMac | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| AsyncMac | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| b06bdrv | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| b06bdrv | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| b06bdrv | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| b06bdrv | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| b06bdrv | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| b06bdrv | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| b06bdrv | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| b06bdrv | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| b06bdrv | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| b06bdrv | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| b06bdrv | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| blbdrive | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| blbdrive | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| blbdrive | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| blbdrive | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| blbdrive | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| blbdrive | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| blbdrive | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| blbdrive | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| blbdrive | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| blbdrive | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| blbdrive | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Blfm | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| Blfm | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| Blfm | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| Blfm | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| Blfm | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| Blfm | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| Blfm | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| Blfm | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| Blfm | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Blfm | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| Blfm | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| bowser | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| bowser | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| bowser | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| bowser | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| bowser | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| bowser | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| bowser | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| bowser | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| bowser | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| bowser | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| bowser | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| CLFS | Access Allowed for S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 | standard-read | standard-write-owner | standard-write-dac |
| CLFS | Access Allowed for S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 | standard-delete | query-service-config | change-service-config |
| CLFS | Access Allowed for S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 | query-service-status | enumerate-service-dependents | start-service |
| CLFS | Access Allowed for S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 | stop-service | pause-continue-service | - |
| CLFS | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| CLFS | Access Allowed for Local System | enumerate-service-dependents | nterrogate-service | - |
| CLFS | Access Allowed for Administrators | standard-read | query-service-config | query-service-status |
| CLFS | Access Allowed for Administrators | enumerate-service-dependents | nterrogate-service | - |
| CLFS | Access Allowed for Users | standard-read | query-service-config | query-service-status |
| CLFS | Access Allowed for Users | enumerate-service-dependents | nterrogate-service | - |
| CNG | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| CNG | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| CNG | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| CNG | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| CNG | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| CNG | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| CNG | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| CNG | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| CNG | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| CNG | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| CNG | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| CompositeBus | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| CompositeBus | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| CompositeBus | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| CompositeBus | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| CompositeBus | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| CompositeBus | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| CompositeBus | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| CompositeBus | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| CompositeBus | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| CompositeBus | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| CompositeBus | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| dcdbas | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| dcdbas | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| dcdbas | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| dcdbas | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| dcdbas | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| dcdbas | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| dcdbas | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| dcdbas | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| dcdbas | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| dcdbas | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| dcdbas | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| DfsC | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| DfsC | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| DfsC | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| DfsC | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| DfsC | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| DfsC | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| DfsC | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| DfsC | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| DfsC | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| DfsC | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| DfsC | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| discache | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| discache | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| discache | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| discache | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| discache | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| discache | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| discache | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| discache | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| discache | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| discache | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| discache | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Disk | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| Disk | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| Disk | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| Disk | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| Disk | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| Disk | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| Disk | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| Disk | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| Disk | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Disk | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| Disk | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| eeCtrl | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| eeCtrl | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| eeCtrl | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| eeCtrl | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| eeCtrl | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| eeCtrl | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| eeCtrl | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| eeCtrl | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| eeCtrl | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| eeCtrl | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| eeCtrl | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| EraserUtilRebootDrv | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| EraserUtilRebootDrv | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| EraserUtilRebootDrv | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| EraserUtilRebootDrv | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| EraserUtilRebootDrv | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| EraserUtilRebootDrv | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| EraserUtilRebootDrv | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| EraserUtilRebootDrv | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| EraserUtilRebootDrv | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| EraserUtilRebootDrv | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| EraserUtilRebootDrv | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| ErrDev | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| ErrDev | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| ErrDev | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| ErrDev | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| ErrDev | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| ErrDev | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| ErrDev | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| ErrDev | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| ErrDev | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| ErrDev | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| ErrDev | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| fastfat | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| fastfat | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| fastfat | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| fastfat | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| fastfat | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| fastfat | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| fastfat | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| fastfat | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| fastfat | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| fastfat | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| fastfat | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| FltMgr | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| FltMgr | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| FltMgr | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| FltMgr | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| FltMgr | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| FltMgr | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| FltMgr | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| FltMgr | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| FltMgr | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| FltMgr | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| FltMgr | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| HTTP | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac |
| HTTP | Access Allowed for Local System | standard-delete | query-service-config | change-service-config |
| HTTP | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service |
| HTTP | Access Allowed for Local System | stop-service | pause-continue-service | - |
| HTTP | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| HTTP | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| HTTP | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| HTTP | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| HTTP | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| HTTP | Access Allowed for Interactive Logon | enumerate-service-dependents | start-service | nterrogate-service |
| HTTP | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| HTTP | Access Allowed for Service Logon | enumerate-service-dependents | start-service | nterrogate-service |
| HTTP | Access Allowed for Batch Logon | standard-read | query-service-config | query-service-status |
| HTTP | Access Allowed for Batch Logon | enumerate-service-dependents | start-service | nterrogate-service |
| hwpolicy | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| hwpolicy | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| hwpolicy | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| hwpolicy | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| hwpolicy | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| hwpolicy | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| hwpolicy | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| hwpolicy | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| hwpolicy | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| hwpolicy | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| hwpolicy | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| intelppm | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| intelppm | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| intelppm | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| intelppm | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| intelppm | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| intelppm | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| intelppm | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| intelppm | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| intelppm | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| intelppm | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| intelppm | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| IPMIDRV | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| IPMIDRV | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| IPMIDRV | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| IPMIDRV | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| IPMIDRV | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| IPMIDRV | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| IPMIDRV | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| IPMIDRV | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| IPMIDRV | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| IPMIDRV | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| IPMIDRV | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| kbdclass | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| kbdclass | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| kbdclass | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| kbdclass | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| kbdclass | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| kbdclass | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| kbdclass | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| kbdclass | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| kbdclass | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| kbdclass | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| kbdclass | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| KSecDD | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| KSecDD | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| KSecDD | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| KSecDD | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| KSecDD | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| KSecDD | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| KSecDD | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| KSecDD | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| KSecDD | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| KSecDD | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| KSecDD | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| KSecPkg | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| KSecPkg | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| KSecPkg | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| KSecPkg | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| KSecPkg | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| KSecPkg | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| KSecPkg | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| KSecPkg | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| KSecPkg | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| KSecPkg | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| KSecPkg | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| l2nd | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| l2nd | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| l2nd | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| l2nd | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| l2nd | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| l2nd | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| l2nd | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| l2nd | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| l2nd | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| l2nd | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| l2nd | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| lltdio | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| lltdio | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| lltdio | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| lltdio | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| lltdio | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| lltdio | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| lltdio | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| lltdio | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| lltdio | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| lltdio | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| lltdio | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| luafv | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| luafv | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| luafv | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| luafv | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| luafv | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| luafv | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| luafv | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| luafv | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| luafv | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| luafv | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| luafv | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| megasas | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| megasas | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| megasas | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| megasas | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| megasas | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| megasas | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| megasas | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| megasas | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| megasas | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| megasas | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| megasas | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| megasas2 | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| megasas2 | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| megasas2 | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| megasas2 | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| megasas2 | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| megasas2 | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| megasas2 | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| megasas2 | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| megasas2 | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| megasas2 | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| megasas2 | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| monitor | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| monitor | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| monitor | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| monitor | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| monitor | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| monitor | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| monitor | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| monitor | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| monitor | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| monitor | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| monitor | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mouclass | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| mouclass | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| mouclass | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| mouclass | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| mouclass | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| mouclass | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| mouclass | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| mouclass | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| mouclass | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mouclass | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| mouclass | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mountmgr | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| mountmgr | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| mountmgr | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| mountmgr | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| mountmgr | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| mountmgr | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| mountmgr | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| mountmgr | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| mountmgr | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mountmgr | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| mountmgr | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mpsdrv | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| mpsdrv | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| mpsdrv | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| mpsdrv | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| mpsdrv | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| mpsdrv | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| mpsdrv | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| mpsdrv | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| mpsdrv | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mpsdrv | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| mpsdrv | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mrxsmb | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| mrxsmb | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| mrxsmb | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| mrxsmb | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| mrxsmb | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| mrxsmb | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| mrxsmb | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| mrxsmb | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| mrxsmb | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mrxsmb | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| mrxsmb | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mrxsmb10 | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| mrxsmb10 | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| mrxsmb10 | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| mrxsmb10 | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| mrxsmb10 | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| mrxsmb10 | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| mrxsmb10 | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| mrxsmb10 | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| mrxsmb10 | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mrxsmb10 | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| mrxsmb10 | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mrxsmb20 | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| mrxsmb20 | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| mrxsmb20 | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| mrxsmb20 | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| mrxsmb20 | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| mrxsmb20 | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| mrxsmb20 | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| mrxsmb20 | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| mrxsmb20 | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mrxsmb20 | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| mrxsmb20 | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Msfs | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| Msfs | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| Msfs | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| Msfs | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| Msfs | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| Msfs | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| Msfs | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| Msfs | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| Msfs | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Msfs | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| Msfs | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| msisadrv | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| msisadrv | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| msisadrv | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| msisadrv | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| msisadrv | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| msisadrv | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| msisadrv | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| msisadrv | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| msisadrv | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| msisadrv | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| msisadrv | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mssmbios | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| mssmbios | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| mssmbios | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| mssmbios | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| mssmbios | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| mssmbios | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| mssmbios | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| mssmbios | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| mssmbios | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| mssmbios | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| mssmbios | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Mup | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| Mup | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| Mup | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| Mup | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| Mup | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| Mup | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| Mup | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| Mup | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| Mup | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| Mup | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| Mup | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| NAVENG | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| NAVENG | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| NAVENG | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| NAVENG | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| NAVENG | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| NAVENG | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| NAVENG | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| NAVENG | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| NAVENG | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| NAVENG | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| NAVENG | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| NAVEX15 | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| NAVEX15 | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| NAVEX15 | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| NAVEX15 | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| NAVEX15 | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| NAVEX15 | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service |
| NAVEX15 | Access Allowed for Administrators | stop-service | pause-continue-service | - |
| NAVEX15 | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status |
| NAVEX15 | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| NAVEX15 | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status |
| NAVEX15 | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control |
| NDIS | Access Allowed for Local System | standard-read | query-service-config | query-service-status |
| NDIS | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service |
| NDIS | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control |
| NDIS | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac |
| NDIS | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config |
| Results were truncated. |
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Effective Permission on Shares Enumerated | |
| share | SHARE TYPE | ACE TYPE | NAME | PRIMARY GROUP | ACE1 | ACE2 | ACE3 | ADDITIONAL INFO |
| ADMIN$ | Hidden Directory | Access Allowed for Group | NT SERVICE\TrustedInstaller | NT SERVICE\TrustedInstaller | generic-all | standard-read | standard-write-owner | - |
| ADMIN$ | Hidden Directory | Access Allowed for Group | NT SERVICE\TrustedInstaller | NT SERVICE\TrustedInstaller | standard-write-dac | standard-delete | - | - |
| ADMIN$ | Hidden Directory | Access Allowed for Group | Local System | NT SERVICE\TrustedInstaller | generic-all | standard-read | standard-delete | - |
| ADMIN$ | Hidden Directory | Access Allowed for Group | Administrators | NT SERVICE\TrustedInstaller | generic-all | standard-read | standard-delete | - |
| ADMIN$ | Hidden Directory | Access Allowed for Group | Users | NT SERVICE\TrustedInstaller | generic-read | generic-execute | standard-read | - |
| ADMIN$ | Hidden Directory | Access Allowed for Group | Creator Owner | NT SERVICE\TrustedInstaller | generic-all | - | - | - |
| BackupServer | Directory | Access Allowed for Group | Local System | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | - |
| BackupServer | Directory | Access Allowed for Group | Local System | Domain Users Group | standard-delete | - | - | - |
| BackupServer | Directory | Access Allowed for User | ASNTDOMAIN1\jamesfox.admin | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | - |
| BackupServer | Directory | Access Allowed for User | ASNTDOMAIN1\jamesfox.admin | Domain Users Group | standard-delete | - | - | - |
| BackupServer | Directory | Access Allowed for Group | ASNTDOMAIN1\CAS Backup Machine Backup Accounts ASNTDOMAIN1 | Domain Users Group | standard-read | - | - | - |
| BackupServer | Directory | Access Allowed for Group | AD\CAS OU Admins | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | - |
| BackupServer | Directory | Access Allowed for Group | AD\CAS OU Admins | Domain Users Group | standard-delete | - | - | - |
| BackupServer | Directory | Access Allowed for User | AD\thensley.adm | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | - |
| BackupServer | Directory | Access Allowed for User | AD\thensley.adm | Domain Users Group | standard-delete | - | - | - |
| BackupServer | Directory | Access Allowed for User | AD\jamesfox.adm | Domain Users Group | standard-read | - | - | - |
| BackupServer | Directory | Access Allowed for Group | AD\CAS Backup Machine Backup Accounts | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | - |
| BackupServer | Directory | Access Allowed for Group | AD\CAS Backup Machine Backup Accounts | Domain Users Group | standard-delete | - | - | - |
| BackupServer | Directory | Access Allowed for Group | Administrators | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | - |
| BackupServer | Directory | Access Allowed for Group | Administrators | Domain Users Group | standard-delete | - | - | - |
| BackupServer | Directory | Access Allowed for Group | Domain Admins Group | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | - |
| BackupServer | Directory | Access Allowed for Group | Domain Admins Group | Domain Users Group | standard-delete | - | - | - |
| BackupServer | Directory | Access Allowed for User | AD\cas bob-backup.svc | Domain Users Group | standard-read | standard-delete | - | - |
| C$ | Hidden Directory | Access Allowed for Group | Local System | NT SERVICE\TrustedInstaller | standard-read | standard-write-owner | standard-write-dac | - |
| C$ | Hidden Directory | Access Allowed for Group | Local System | NT SERVICE\TrustedInstaller | standard-delete | - | - | - |
| C$ | Hidden Directory | Access Allowed for Group | Administrators | NT SERVICE\TrustedInstaller | standard-read | standard-write-owner | standard-write-dac | - |
| C$ | Hidden Directory | Access Allowed for Group | Administrators | NT SERVICE\TrustedInstaller | standard-delete | - | - | - |
| C$ | Hidden Directory | Access Allowed for Group | Users | NT SERVICE\TrustedInstaller | standard-read | - | - | - |
| C$ | Hidden Directory | Access Allowed for Group | Creator Owner | NT SERVICE\TrustedInstaller | generic-all | - | - | - |
| Citrix PVS Vdisks | Directory | Access Allowed for Group | All | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | - |
| Citrix PVS Vdisks | Directory | Access Allowed for Group | All | Domain Users Group | standard-delete | - | - | - |
| Citrix PVS Vdisks | Directory | Access Allowed for Group | Local System | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | - |
| Citrix PVS Vdisks | Directory | Access Allowed for Group | Local System | Domain Users Group | standard-delete | - | - | - |
| Citrix PVS Vdisks | Directory | Access Allowed for User | AD\tcandrew.adm | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | - |
| Citrix PVS Vdisks | Directory | Access Allowed for User | AD\tcandrew.adm | Domain Users Group | standard-delete | - | - | - |
| Citrix PVS Vdisks | Directory | Access Allowed for Group | Administrators | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | - |
| Citrix PVS Vdisks | Directory | Access Allowed for Group | Administrators | Domain Users Group | standard-delete | - | - | - |
| D$ | Hidden Directory | Access Allowed for Group | Administrators | Local System | standard-read | - | - | - |
| D$ | Hidden Directory | Access Allowed for Group | Local System | Local System | standard-read | - | - | - |
| D$ | Hidden Directory | Access Allowed for Group | Users | Local System | standard-read | - | - | - |
| D$ | Hidden Directory | Access Allowed for Group | All | Local System | standard-read | - | - | - |
| E$ | Hidden Directory | Access Allowed for Group | Administrators | Local System | standard-read | - | - | - |
| E$ | Hidden Directory | Access Allowed for Group | Local System | Local System | standard-read | - | - | - |
| E$ | Hidden Directory | Access Allowed for Group | Users | Local System | standard-read | - | - | - |
| E$ | Hidden Directory | Access Allowed for Group | All | Local System | standard-read | - | - | - |
| F$ | Hidden Directory | Access Allowed for Group | Administrators | Local System | standard-read | - | - | - |
| F$ | Hidden Directory | Access Allowed for Group | Local System | Local System | standard-read | - | - | - |
| F$ | Hidden Directory | Access Allowed for Group | Users | Local System | standard-read | - | - | - |
| F$ | Hidden Directory | Access Allowed for Group | All | Local System | standard-read | - | - | - |
| IPC$ | Hidden_IPC | No_Explicit_DACLS | - | - | - | - | - | Results_may_be_incomplete |
| svag | Directory | Access Allowed for User | AD\cas svag1 sql.svc | Domain Users Group | standard-read | standard-delete | - | - |
| svag | Directory | Access Allowed for Group | Local System | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | - |
| svag | Directory | Access Allowed for Group | Local System | Domain Users Group | standard-delete | - | - | - |
| svag | Directory | Access Allowed for User | ASNTDOMAIN1\jamesfox.admin | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | - |
| svag | Directory | Access Allowed for User | ASNTDOMAIN1\jamesfox.admin | Domain Users Group | standard-delete | - | - | - |
| svag | Directory | Access Allowed for Group | ASNTDOMAIN1\CAS Backup Machine Backup Accounts ASNTDOMAIN1 | Domain Users Group | standard-read | - | - | - |
| svag | Directory | Access Allowed for Group | AD\CAS OU Admins | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | - |
| svag | Directory | Access Allowed for Group | AD\CAS OU Admins | Domain Users Group | standard-delete | - | - | - |
| svag | Directory | Access Allowed for User | AD\thensley.adm | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | - |
| svag | Directory | Access Allowed for User | AD\thensley.adm | Domain Users Group | standard-delete | - | - | - |
| svag | Directory | Access Allowed for Group | AD\CAS Backup Machine Backup Accounts | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | - |
| svag | Directory | Access Allowed for Group | AD\CAS Backup Machine Backup Accounts | Domain Users Group | standard-delete | - | - | - |
| svag | Directory | Access Allowed for Group | Administrators | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | - |
| svag | Directory | Access Allowed for Group | Administrators | Domain Users Group | standard-delete | - | - | - |
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Hardening - Service Configuration | |
Turning off non-essential services is an important step in hardening a Windows system.
| Name | Starttype | AccountName |
| Application Experience | Manual | localSystem |
| Application Layer Gateway Service | Manual | NT AUTHORITY\LocalService |
| Application Identity | Manual | NT Authority\LocalService |
| Application Information | Manual | LocalSystem |
| Application Management | Manual | LocalSystem |
| ASP.NET State Service | Manual | NT AUTHORITY\NetworkService |
| Windows Audio Endpoint Builder | Manual | LocalSystem |
| Windows Audio | Manual | NT AUTHORITY\LocalService |
| Base Filtering Engine | Automatic | NT AUTHORITY\LocalService |
| Background Intelligent Transfer Service | Manual | LocalSystem |
| Computer Browser | Disabled | LocalSystem |
| Symantec Event Manager | Automatic | LocalSystem |
| Symantec Settings Manager | Automatic | LocalSystem |
| Certificate Propagation | Manual | LocalSystem |
| Microsoft .NET Framework NGEN v2.0.50727 X86 | Disabled | LocalSystem |
| Microsoft .NET Framework NGEN v2.0.50727 X64 | Disabled | LocalSystem |
| Microsoft .NET Framework NGEN v4.0.30319 X86 | Automatic | LocalSystem |
| Microsoft .NET Framework NGEN v4.0.30319 X64 | Automatic | LocalSystem |
| COM+ System Application | Manual | LocalSystem |
| CrashPlan PRO Server | Automatic | LocalSystem |
| Cryptographic Services | Automatic | NT Authority\NetworkService |
| DCOM Server Process Launcher | Automatic | LocalSystem |
| Disk Defragmenter | Manual | localSystem |
| DHCP Client | Automatic | NT Authority\LocalService |
| DNS Client | Automatic | NT AUTHORITY\NetworkService |
| Wired AutoConfig | Manual | localSystem |
| Diagnostic Policy Service | Automatic | NT AUTHORITY\LocalService |
| Extensible Authentication Protocol | Manual | localSystem |
| Encrypting File System (EFS) | Manual | LocalSystem |
| Windows Event Log | Automatic | NT AUTHORITY\LocalService |
| COM+ Event System | Automatic | NT AUTHORITY\LocalService |
| Microsoft Fibre Channel Platform Registration Service | Manual | NT AUTHORITY\LocalService |
| Function Discovery Provider Host | Manual | NT AUTHORITY\LocalService |
| Function Discovery Resource Publication | Manual | NT AUTHORITY\LocalService |
| Windows Font Cache Service | Automatic | NT AUTHORITY\LocalService |
| Group Policy Client | Automatic | LocalSystem |
| Human Interface Device Access | Manual | LocalSystem |
| Health Key and Certificate Management | Manual | localSystem |
| InstallDriver Table Manager | Manual | LocalSystem |
| IKE and AuthIP IPsec Keying Modules | Automatic | LocalSystem |
| PnP-X IP Bus Enumerator | Disabled | LocalSystem |
| IP Helper | Automatic | LocalSystem |
| CNG Key Isolation | Manual | LocalSystem |
| KtmRm for Distributed Transaction Coordinator | Manual | NT AUTHORITY\NetworkService |
| Server | Automatic | LocalSystem |
| Workstation | Automatic | NT AUTHORITY\NetworkService |
| LiveUpdate | Manual | LocalSystem |
| Link-Layer Topology Discovery Mapper | Manual | NT AUTHORITY\LocalService |
| TCP/IP NetBIOS Helper | Automatic | NT AUTHORITY\LocalService |
| MRMonitor | Automatic | LocalSystem |
| Multimedia Class Scheduler | Manual | LocalSystem |
| Windows Firewall | Automatic | NT Authority\LocalService |
| Distributed Transaction Coordinator | Automatic | NT AUTHORITY\NetworkService |
| Microsoft iSCSI Initiator Service | Manual | LocalSystem |
| Windows Installer | Manual | LocalSystem |
| MSMFramework | Automatic | LocalSystem |
| Network Access Protection Agent | Manual | NT AUTHORITY\NetworkService |
| Netlogon | Automatic | LocalSystem |
| Network Connections | Manual | LocalSystem |
| Net.Msmq Listener Adapter | Disabled | NT AUTHORITY\NetworkService |
| Net.Pipe Listener Adapter | Disabled | NT AUTHORITY\LocalService |
| Network List Service | Manual | NT AUTHORITY\LocalService |
| Net.Tcp Listener Adapter | Disabled | NT AUTHORITY\LocalService |
| Net.Tcp Port Sharing Service | Disabled | NT AUTHORITY\LocalService |
| Network Location Awareness | Automatic | NT AUTHORITY\NetworkService |
| Network Store Interface Service | Automatic | NT Authority\LocalService |
| Performance Counter DLL Host | Manual | NT AUTHORITY\LocalService |
| Performance Logs & Alerts | Manual | NT AUTHORITY\LocalService |
| Plug and Play | Automatic | LocalSystem |
| IPsec Policy Agent | Manual | NT Authority\NetworkService |
| Power | Automatic | LocalSystem |
| User Profile Service | Automatic | LocalSystem |
| Protected Storage | Manual | LocalSystem |
| Remote Access Auto Connection Manager | Manual | localSystem |
| Remote Access Connection Manager | Manual | localSystem |
| Routing and Remote Access | Disabled | localSystem |
| Remote Registry | Automatic | NT AUTHORITY\LocalService |
| RPC Endpoint Mapper | Automatic | NT AUTHORITY\NetworkService |
| Remote Procedure Call (RPC) Locator | Manual | NT AUTHORITY\NetworkService |
| Remote Procedure Call (RPC) | Automatic | NT AUTHORITY\NetworkService |
| Resultant Set of Policy Provider | Automatic | LocalSystem |
| Special Administration Console Helper | Manual | LocalSystem |
| Security Accounts Manager | Automatic | LocalSystem |
| Smart Card | Manual | NT AUTHORITY\LocalService |
| Task Scheduler | Automatic | LocalSystem |
| Smart Card Removal Policy | Manual | LocalSystem |
| Secondary Logon | Manual | LocalSystem |
| System Event Notification Service | Automatic | LocalSystem |
| Remote Desktop Configuration | Manual | localSystem |
| Internet Connection Sharing (ICS) | Automatic | LocalSystem |
| Shell Hardware Detection | Automatic | LocalSystem |
| Symantec Management Client | Automatic | LocalSystem |
| Symantec Network Access Control | Disabled | LocalSystem |
| SNMP Trap | Manual | NT AUTHORITY\LocalService |
| Splunkd | Automatic | LocalSystem |
| Splunkweb | Automatic | LocalSystem |
| Print Spooler | Automatic | LocalSystem |
| Software Protection | Automatic | NT AUTHORITY\NetworkService |
| SPP Notification Service | Manual | NT AUTHORITY\LocalService |
| SSDP Discovery | Disabled | NT AUTHORITY\LocalService |
| Secure Socket Tunneling Protocol Service | Manual | NT Authority\LocalService |
| Microsoft Software Shadow Copy Provider | Manual | LocalSystem |
| Telephony | Manual | NT AUTHORITY\NetworkService |
| TPM Base Services | Manual | NT AUTHORITY\LocalService |
| Remote Desktop Services | Manual | NT Authority\NetworkService |
| Thread Ordering Server | Manual | NT AUTHORITY\LocalService |
| Distributed Link Tracking Client | Automatic | LocalSystem |
| Windows Modules Installer | Manual | localSystem |
| Interactive Services Detection | Manual | LocalSystem |
| Remote Desktop Services UserMode Port Redirector | Manual | localSystem |
| UPnP Device Host | Disabled | NT AUTHORITY\LocalService |
| Desktop Window Manager Session Manager | Automatic | localSystem |
| Credential Manager | Manual | LocalSystem |
| Virtual Disk | Manual | LocalSystem |
| Volume Shadow Copy | Manual | LocalSystem |
| Windows Time | Manual | NT AUTHORITY\LocalService |
| Block Level Backup Engine Service | Manual | LocalSystem |
| Windows Color System | Manual | NT AUTHORITY\LocalService |
| Diagnostic Service Host | Manual | NT AUTHORITY\LocalService |
| Diagnostic System Host | Manual | LocalSystem |
| Windows Event Collector | Manual | NT AUTHORITY\NetworkService |
| Problem Reports and Solutions Control Panel Support | Manual | localSystem |
| Windows Error Reporting Service | Manual | localSystem |
| WinHTTP Web Proxy Auto-Discovery Service | Manual | NT AUTHORITY\LocalService |
| Windows Management Instrumentation | Automatic | localSystem |
| Windows Remote Management (WS-Management) | Automatic | NT AUTHORITY\NetworkService |
| WMI Performance Adapter | Manual | localSystem |
| Portable Device Enumerator Service | Manual | LocalSystem |
| Windows Update | Automatic | LocalSystem |
| Windows Driver Foundation - User-mode Driver Framework | Automatic | LocalSystem |
| Severity | Title | Port/Service |
| 2 | Microsoft Windows Folder Permission Check - Folders Under SystemRoot | |
| ------------------------------------------------------------ | |||
| %windir% | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Administrators | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Users | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Creator_Owner | access_allowed | inherit_only=true object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| ------------------------------------------------------------ | |||
| %windir%\AppPatch | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Administrators | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Users | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Creator_Owner | access_allowed | inherit_only=true object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| ------------------------------------------------------------ | |||
| %windir%\debug | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Administrators | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Users | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Creator_Owner | access_allowed | inherit_only=true object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| ------------------------------------------------------------ | |||
| %windir%\Help | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Administrators | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Users | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Creator_Owner | access_allowed | inherit_only=true object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| ------------------------------------------------------------ | |||
| %windir%\inf | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Administrators | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Users | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Creator_Owner | access_allowed | inherit_only=true object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| ------------------------------------------------------------ | |||
| %windir%\installer | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| Everyone | access_allowed | object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| Administrators | access_allowed | object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| ------------------------------------------------------------ | |||
| %windir%\media | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Administrators | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Users | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Creator_Owner | access_allowed | inherit_only=true object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| ------------------------------------------------------------ | |||
| %windir%\Registration | |||
| ------------------------------------------------------------ | |||
| Administrators | access_allowed | object_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| Everyone | access_allowed | object_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| SYSTEM | access_allowed | object_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| ------------------------------------------------------------ | |||
| %windir%\security | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Administrators | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Users | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Creator_Owner | access_allowed | inherit_only=true object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| ------------------------------------------------------------ | |||
| %windir%\Temp | |||
| ------------------------------------------------------------ | |||
| Users | access_allowed | container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| Administrators | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| SYSTEM | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Creator_Owner | access_allowed | inherit_only=true object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| ------------------------------------------------------------ | |||
| %ProgramFiles%\Common Files | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Administrators | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Users | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Creator_Owner | access_allowed | inherit_only=true object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| Expand | Severity | Title | Port/Service |
| | 2 | Microsoft Windows Folder Permission Check - Folders Under System32 | |
| ------------------------------------------------------------ | |||
| %windir%\System32 | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Administrators | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Users | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Creator_Owner | access_allowed | inherit_only=true object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| ------------------------------------------------------------ | |||
| %windir%\System32\ias | |||
| ------------------------------------------------------------ | |||
| Administrators | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| NETWORK_SERVICE | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| SYSTEM | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| ------------------------------------------------------------ | |||
| %windir%\System32\Config | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| Administrators | access_allowed | object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| Creator_Owner | access_allowed | inherit_only=true object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| ------------------------------------------------------------ | |||
| %windir%\System32\spool\printers | |||
| ------------------------------------------------------------ | |||
| Users | access_allowed | container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| Administrators | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Creator_Owner | access_allowed | inherit_only=true object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| SYSTEM | access_allowed | object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| ------------------------------------------------------------ | |||
| %windir%\System32\LogFiles | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Administrators | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Users | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Creator_Owner | access_allowed | inherit_only=true object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| ------------------------------------------------------------ | |||
| %windir%\System32\inetsrv | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Administrators | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Users | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Creator_Owner | access_allowed | inherit_only=true object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| Expand | Severity | Title | Port/Service |
| | 2 | Microsoft Windows File Security Check - C: System Files | |
| ------------------------------------------------------------ | |||
| c:\ | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| Administrators | access_allowed | object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| Users | access_allowed | object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| Creator_Owner | access_allowed | inherit_only=true object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| ------------------------------------------------------------ | |||
| %ProgramFiles% | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Administrators | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Users | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Creator_Owner | access_allowed | inherit_only=true object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| ------------------------------------------------------------ | |||
| %CommonProgramFiles% | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Administrators | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Users | access_allowed | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write | |
| Creator_Owner | access_allowed | inherit_only=true object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| Expand | Severity | Title | Port/Service |
| | 2 | Microsoft Windows Folder Security - Folders Under Document and Settings | |
| ------------------------------------------------------------ | |||
| %userprofile%\Administrator | |||
| ------------------------------------------------------------ | |||
| SYSTEM | access_allowed | object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| Administrators | access_allowed | object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| cas.admin | access_allowed | object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| AD\semone.adm | access_allowed | object_inherit=true container_inherit=true | standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write |
| Expand | Severity | Title | Port/Service |
| | 2 | Administrator Group Members Enumerated | |
| Expand | Severity | Title | Port/Service |
| | 2 | Security Permissions for Important CIFS Pipes | |
| Expand | Severity | Title | Port/Service |
| | 2 | Last Successful User Login | |
| Expand | Severity | Title | Port/Service |
| | 2 | Windows Shares With Everyone Group Having Full Control | |
| share | ACE TYPE | ACE1 |
| Citrix PVS Vdisks | Everyone Group | Full-Control |
| Expand | Severity | Title | Port/Service |
| | 2 | Windows Shares With Everyone Group Having Any Access | |
| share | ACE TYPE |
| Citrix PVS Vdisks | Some access allowed for Everyone group |
| Expand | Severity | Title | Port/Service |
| | 2 | Microsoft Windows Permission on Shares Enumerated | |
| share | SHARE TYPE | ACE TYPE | NAME | OWNER | ACE1 | ACE2 | ACE3 |
| ADMIN$ | Hidden_Directory | No_Explicit_DACLS | - | - | - | - | - |
| BackupServer | Directory | Access Allowed for Group | ASNTDOMAIN1\CAS Backup Machine Backup Accounts ASNTDOMAIN1 | AD\thensley.adm | standard-read | - | - |
| BackupServer | Directory | Access Allowed for Group | Domain Admins Group | AD\thensley.adm | standard-read | standard-write-owner | standard-write-dac |
| BackupServer | Directory | Access Allowed for Group | Domain Admins Group | AD\thensley.adm | standard-delete | - | - |
| BackupServer | Directory | Access Allowed for Group | AD\CAS OU Admins | AD\thensley.adm | standard-read | standard-write-owner | standard-write-dac |
| BackupServer | Directory | Access Allowed for Group | AD\CAS OU Admins | AD\thensley.adm | standard-delete | - | - |
| BackupServer | Directory | Access Allowed for Group | AD\CAS Backup Machine Backup Accounts | AD\thensley.adm | standard-read | - | - |
| BackupServer | Directory | Access Allowed for User | AD\cas bob-backup.svc | AD\thensley.adm | standard-read | standard-delete | - |
| BackupServer | Directory | Access Allowed for Group | Administrators | AD\thensley.adm | standard-read | standard-write-owner | standard-write-dac |
| BackupServer | Directory | Access Allowed for Group | Administrators | AD\thensley.adm | standard-delete | - | - |
| C$ | Hidden_Directory | No_Explicit_DACLS | - | - | - | - | - |
| Citrix PVS Vdisks | Directory | Access Allowed for Group | Administrators | AD\tcandrew.adm | standard-read | standard-write-owner | standard-write-dac |
| Citrix PVS Vdisks | Directory | Access Allowed for Group | Administrators | AD\tcandrew.adm | standard-delete | - | - |
| Citrix PVS Vdisks | Directory | Access Allowed for Group | All | AD\tcandrew.adm | standard-read | standard-write-owner | standard-write-dac |
| Citrix PVS Vdisks | Directory | Access Allowed for Group | All | AD\tcandrew.adm | standard-delete | - | - |
| D$ | Hidden_Directory | No_Explicit_DACLS | - | - | - | - | - |
| E$ | Hidden_Directory | No_Explicit_DACLS | - | - | - | - | - |
| F$ | Hidden_Directory | No_Explicit_DACLS | - | - | - | - | - |
| IPC$ | Hidden_IPC | No_Explicit_DACLS | - | - | - | - | - |
| svag | Directory | Access Allowed for Group | Administrators | AD\thensley.adm | standard-read | standard-write-owner | standard-write-dac |
| svag | Directory | Access Allowed for Group | Administrators | AD\thensley.adm | standard-delete | - | - |
| svag | Directory | Access Allowed for User | AD\cas svag1 sql.svc | AD\thensley.adm | standard-read | standard-delete | - |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Web Server Probed For Various URL-Encoding Schemes Supported | crashplan.oasis.unc.edu:4280/tcp |
Per this paper by Daniel Roelker that was presented at Defcon 11, popular Web servers like Microsoft IIS support a variety of encoding schemes for the URLs. These include Percent-escaped Hex Encoding, Double-percent Escaped Hex Encoding, Microsoft's %U Encoding, Percent-escaped 2-Byte UTF-8 Encoding, and Raw 2-Byte UTF-8 Encoding.
For a sample HTTP GET request, GET /. HTTP/1.0, the following illustrates the encoded URI under these schemes:
Percent-escaped Hex Encoding: GET /%2e HTTP/1.0
Double-percent Escaped Hex Encoding: GET /%252e HTTP/1.0
Percent-escaped 2-Byte UTF-8 Encoding: GET /%C0%AE HTTP/1.0
Raw 2-Byte UTF-8 Encoding: GET /\xC0\xAE HTTP/1.0 (Actual raw 0xC0 and 0xAE bytes)
Microsoft's %U Encoding: GET /%u002e HTTP/1.0
The supported encoding schemes are listed in the Results section.
URI encoding is relevant to Web server security since, as mentioned in the paper above, attackers could launch HTTP attacks while at the same time obfuscating the URIs to evade detection by Intrusion Detection Systems that are not capable of decoding the URIs.
| Expand | Severity | Title | Port/Service |
|
|
2
|
Web Server Probed For Various URL-Encoding Schemes Supported | crashplan.oasis.unc.edu:4285/tcp |
Per this paper by Daniel Roelker that was presented at Defcon 11, popular Web servers like Microsoft IIS support a variety of encoding schemes for the URLs. These include Percent-escaped Hex Encoding, Double-percent Escaped Hex Encoding, Microsoft's %U Encoding, Percent-escaped 2-Byte UTF-8 Encoding, and Raw 2-Byte UTF-8 Encoding.
For a sample HTTP GET request, GET /. HTTP/1.0, the following illustrates the encoded URI under these schemes:
Percent-escaped Hex Encoding: GET /%2e HTTP/1.0
Double-percent Escaped Hex Encoding: GET /%252e HTTP/1.0
Percent-escaped 2-Byte UTF-8 Encoding: GET /%C0%AE HTTP/1.0
Raw 2-Byte UTF-8 Encoding: GET /\xC0\xAE HTTP/1.0 (Actual raw 0xC0 and 0xAE bytes)
Microsoft's %U Encoding: GET /%u002e HTTP/1.0
The supported encoding schemes are listed in the Results section.
URI encoding is relevant to Web server security since, as mentioned in the paper above, attackers could launch HTTP attacks while at the same time obfuscating the URIs to evade detection by Intrusion Detection Systems that are not capable of decoding the URIs.
| Expand | Severity | Title | Port/Service |
|
|
1
|
DNS Host Name |
| IP address | Host name |
| 152.2.41.22 | crashplan.oasis.unc.edu |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Firewall Detected |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Network Adapter MAC Address |
| Method | MAC Address | Vendor |
| NBTSTAT | 00:26:B9:5E:EF:86 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Processor Information for Windows Target System |
| HKLM\System\CurrentControlSet\Control\Session Manager\Environment | ||
| PROCESSOR_IDENTIFIER | = | Intel64 Family 6 Model 26 Stepping 5, GenuineIntel |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Target Network Information |
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Internet Service Provider |
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information. This information was gathered using the WHOIS service for the network and is believed to be the ISP of the target network.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Traceroute |
| Hops | IP | Round Trip Time | Probe |
| 1 | 152.2.20.1 | 0.55ms | ICMP |
| 2 | 152.19.253.105 | 0.99ms | ICMP |
| 3 | 152.19.255.254 | 1.24ms | ICMP |
| 4 | 152.19.255.210 | 1.10ms | ICMP |
| 5 | 152.2.41.22 | 1.04ms | ICMP |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Disabled Accounts Enumerated From SAM Database |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Administrator Account's Real Name Found From LSA Enumeration |
Windows systems by default have the administrator account's name configured as "Administrator". This can very easily be changed to a non-default value (like root, for example) to harden security against password brute-forcing.
LSA, internally, refers to user accounts by what are called RIDs (Relative IDs) instead of the friendlier names (like "Administrator") used only for GUI and display purposes. The administrator account on any Windows system always has a RID of 500, even if the name has been changed.
The scanner probed the LSA for the name that maps to the RID of 500, which is the administrator account name, changed or unchanged. The name is listed in the Result section below.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Host Scan Time |
The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Host Names Found |
| Host Name | Source |
| CAS-ENTBKUP1.ad.unc.edu | NTLM DNS |
| crashplan.oasis.unc.edu | FQDN |
| CAS-ENTBKUP1 | NTLM NetBIOS |
| CAS-ENTBKUP1 | NetBIOS |
| Expand | Severity | Title | Port/Service |
|
|
1
|
NTFS Settings Enumerated |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Interface Names and Assigned IP Address Enumerated from Registry |
| Interface: | Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client) | IP Address: | 152.2.41.22 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft Windows Management Instrumentation Service (WMI) Is Running |
The target has WMI service installed and running.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Authentication Method |
The service also attempts to authenticate using common credentials. You should verify that the credentials used for successful authentication were those that were provided in the Windows authentication record. User-provided credentials failed if the discovery method shows "Unable to log in using credentials provided by user, fallback to NULL session". If this is the case, verify that the credentials specified in the Windows authentication record are valid for this host.
| User Name | DOM qualys.scn |
| Domain | AD |
| Authentication Scheme | Kerberos |
| Security | User-based |
| SMBv1 Signing | Enabled |
| Discovery Method | Login credentials provided by user |
| Authentication Record | AD.UNC.EDU Credentials |
| CIFS Version | SMB v2.1 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Authentication Method for User-Provided Credentials |
| User Name | DOM qualys.scn |
| Domain | AD |
| Authentication Scheme | Kerberos |
| Security | User-based |
| SMBv1 Signing | Enabled |
| Authentication Record | AD.UNC.EDU Credentials |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Open UDP Services List |
Note that if the host is behind a firewall, there is a small chance that the list includes a few ports that are filtered or blocked by the firewall but are not actually open on the target host. This (false positive on UDP open ports) may happen when the firewall is configured to reject UDP packets for most (but not all) ports with an ICMP Port Unreachable packet. This may also happen when the firewall is configured to allow UDP packets for most (but not all) ports through and filter/block/drop UDP packets for only a few ports. Both cases are uncommon.
| Port | IANA Assigned Ports/Services | Description | Service Detected |
| 137 | netbios-ns | NETBIOS Name Service | netbios ns |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Open TCP Services List |
The Results section displays the port number (Port), the default service listening on the port (IANA Assigned Ports/Services), the description of the service (Description) and the service that the scanner detected using service discovery (Service Detected).
| Port | IANA Assigned Ports/Services | Description | Service Detected | OS On Redirected Port |
| 135 | msrpc-epmap | epmap DCE endpoint resolution | DCERPC Endpoint Mapper | |
| 139 | netbios-ssn | NETBIOS Session Service | netbios ssn | |
| 445 | microsoft-ds | Microsoft-DS | microsoft-ds | |
| 3071 | unknown | unknown | unknown over ssl | |
| 4280 | unknown | unknown | http | |
| 4282 | unknown | unknown | unknown | |
| 4285 | unknown | unknown | http over ssl | |
| 27599 | unknown | unknown | unknown over ssl | |
| 49153 | unknown | unknown | unknown | |
| 49154 | unknown | unknown | unknown |
| Expand | Severity | Title | Port/Service |
|
|
1
|
ICMP Replies Received |
We have sent the following types of packets to trigger the host to send us ICMP replies:
Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)
Listed in the "Result" section are the ICMP replies that we have received.
| ICMP Reply Type | Triggered By | Additional Information |
| Echo (type=0 code=0) | Echo Request | Echo Reply |
| Expand | Severity | Title | Port/Service |
|
|
1
|
NetBIOS Host Name |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Degree of Randomness of TCP Initial Sequence Numbers |
| Expand | Severity | Title | Port/Service |
|
|
1
|
IP ID Values Randomness |
Please note that for reliability reasons only the network traffic from open TCP ports is analyzed.
| Expand | Severity | Title | Port/Service |
|
|
1
|
NetBIOS Workgroup Name Detected |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Enabled Winlogon CD-ROM Allocation |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
| Expand | Severity | Title | Port/Service |
|
|
1
|
Enabled Winlogon Floppy Disk Allocation |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows CDROM Autorun Enabled |
If Autorun is enabled, it exposes the machine to potential malware risk or even virus infection. Viruses and worms are mostly spread using the Windows AutoRun feature.
In the past, the Sony rootkit issue exploited machines that had Autorun enabled, secretly infecting them with digital rights management software after certain CDs were played. The Downadup/Conficker worm is known to have infected a lot of machines, and the Autoplay functionality has been one of the major attack vectors and propagation methods the worm uses to spread.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom
To selectively disable specific Autorun features, change the "NoDriveTypeAutoRun" entry in one of the following registry key subkeys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\
The value of the NoDriveTypeAutoRun registry entry determines which drive or drives the Autorun functionality will be disabled for. Settings for the NoDriveTypeAutoRun registry entry are listed below:
0x1 = Disables AutoPlay on drives of unknown type
0x4 = Disables AutoPlay on removable drives
0x8 = Disables AutoPlay on fixed drives
0x10 = Disables AutoPlay on network drives
0x20 = Disables AutoPlay on CD-ROM drives
0x40 = Disables AutoPlay on RAM disks
0x80 = Disables AutoPlay on drives of unknown type
0xFF = Disables AutoPlay on all kinds of drives
You may also disable the service by setting the group policy object (GPO). HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun
Detailed steps on disabling the Autorun functionality for different Windows platforms through various methods are available at Microsoft Knowledge Base Articles KB967715 and KB953252.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Disabled Clear Page File |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
| Expand | Severity | Title | Port/Service |
|
|
1
|
Possible Log Recording Issues |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
| Expand | Severity | Title | Port/Service |
|
|
1
|
Enabled Caching of Dial-up Password Feature |
Since Windows automatically provides the saved dial-up password, unauthorized users with local access to this host can connect and dial the remote host without the password.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Services List |
| Name | Status | Description |
| AeLookupSvc | | Application Experience |
| ALG | | Application Layer Gateway Service |
| AppIDSvc | | Application Identity |
| Appinfo | | Application Information |
| AppMgmt | | Application Management |
| aspnet_state | | ASP.NET State Service |
| AudioEndpointBuilder | | Windows Audio Endpoint Builder |
| AudioSrv | | Windows Audio |
| BFE | started | Base Filtering Engine |
| BITS | started | Background Intelligent Transfer Service |
| Browser | | Computer Browser |
| ccEvtMgr | started | Symantec Event Manager |
| ccSetMgr | started | Symantec Settings Manager |
| CertPropSvc | started | Certificate Propagation |
| clr_optimization_v2.0.50727_32 | | Microsoft .NET Framework NGEN v2.0.50727_X86 |
| clr_optimization_v2.0.50727_64 | | Microsoft .NET Framework NGEN v2.0.50727_X64 |
| clr_optimization_v4.0.30319_32 | | Microsoft .NET Framework NGEN v4.0.30319_X86 |
| clr_optimization_v4.0.30319_64 | | Microsoft .NET Framework NGEN v4.0.30319_X64 |
| COMSysApp | | COM+ System Application |
| CrashPlanPROServer | started | CrashPlan PRO Server |
| CryptSvc | started | Cryptographic Services |
| DcomLaunch | started | DCOM Server Process Launcher |
| defragsvc | | Disk Defragmenter |
| Dhcp | started | DHCP Client |
| Dnscache | started | DNS Client |
| dot3svc | | Wired AutoConfig |
| DPS | started | Diagnostic Policy Service |
| EapHost | | Extensible Authentication Protocol |
| EFS | | Encrypting File System (EFS) |
| eventlog | started | Windows Event Log |
| EventSystem | started | COM+ Event System |
| FCRegSvc | | Microsoft Fibre Channel Platform Registration Service |
| fdPHost | | Function Discovery Provider Host |
| FDResPub | | Function Discovery Resource Publication |
| FontCache | started | Windows Font Cache Service |
| gpsvc | started | Group Policy Client |
| hidserv | | Human Interface Device Access |
| hkmsvc | | Health Key and Certificate Management |
| IDriverT | | InstallDriver Table Manager |
| IKEEXT | started | IKE and AuthIP IPsec Keying Modules |
| IPBusEnum | | PnP-X IP Bus Enumerator |
| iphlpsvc | started | IP Helper |
| KeyIso | | CNG Key Isolation |
| KtmRm | | KtmRm for Distributed Transaction Coordinator |
| LanmanServer | started | Server |
| LanmanWorkstation | started | Workstation |
| LiveUpdate | | LiveUpdate |
| lltdsvc | | Link-Layer Topology Discovery Mapper |
| lmhosts | started | TCP/IP NetBIOS Helper |
| MegaMonitorSrv | started | MRMonitor |
| MMCSS | | Multimedia Class Scheduler |
| MpsSvc | started | Windows Firewall |
| MSDTC | started | Distributed Transaction Coordinator |
| MSiSCSI | | Microsoft iSCSI Initiator Service |
| msiserver | | Windows Installer |
| MSMFramework | started | MSMFramework |
| napagent | | Network Access Protection Agent |
| Netlogon | started | Netlogon |
| Netman | started | Network Connections |
| NetMsmqActivator | | Net.Msmq Listener Adapter |
| NetPipeActivator | | Net.Pipe Listener Adapter |
| netprofm | started | Network List Service |
| NetTcpActivator | | Net.Tcp Listener Adapter |
| NetTcpPortSharing | | Net.Tcp Port Sharing Service |
| NlaSvc | started | Network Location Awareness |
| nsi | started | Network Store Interface Service |
| PerfHost | | Performance Counter DLL Host |
| pla | | Performance Logs & Alerts |
| PlugPlay | started | Plug and Play |
| PolicyAgent | started | IPsec Policy Agent |
| Power | started | Power |
| ProfSvc | started | User Profile Service |
| ProtectedStorage | | Protected Storage |
| RasAuto | | Remote Access Auto Connection Manager |
| RasMan | started | Remote Access Connection Manager |
| RemoteAccess | | Routing and Remote Access |
| RemoteRegistry | started | Remote Registry |
| RpcEptMapper | started | RPC Endpoint Mapper |
| RpcLocator | | Remote Procedure Call (RPC) Locator |
| RpcSs | started | Remote Procedure Call (RPC) |
| RSoPProv | started | Resultant Set of Policy Provider |
| sacsvr | | Special Administration Console Helper |
| SamSs | started | Security Accounts Manager |
| SCardSvr | | Smart Card |
| Schedule | started | Task Scheduler |
| SCPolicySvc | | Smart Card Removal Policy |
| seclogon | | Secondary Logon |
| SENS | started | System Event Notification Service |
| SessionEnv | started | Remote Desktop Configuration |
| SharedAccess | | Internet Connection Sharing (ICS) |
| ShellHWDetection | | Shell Hardware Detection |
| SmcService | started | Symantec Management Client |
| SNAC | | Symantec Network Access Control |
| SNMPTRAP | | SNMP Trap |
| Splunkd | started | Splunkd |
| Splunkweb | started | Splunkweb |
| Spooler | started | Print Spooler |
| sppsvc | | Software Protection |
| sppuinotify | | SPP Notification Service |
| SSDPSRV | | SSDP Discovery |
| SstpSvc | started | Secure Socket Tunneling Protocol Service |
| swprv | | Microsoft Software Shadow Copy Provider |
| Symantec AntiVirus | started | Symantec Endpoint Protection |
| TapiSrv | started | Telephony |
| TBS | | TPM Base Services |
| TermService | started | Remote Desktop Services |
| THREADORDER | | Thread Ordering Server |
| TrkWks | started | Distributed Link Tracking Client |
| TrustedInstaller | | Windows Modules Installer |
| UI0Detect | | Interactive Services Detection |
| UmRdpService | started | Remote Desktop Services UserMode Port Redirector |
| upnphost | | UPnP Device Host |
| UxSms | started | Desktop Window Manager Session Manager |
| VaultSvc | | Credential Manager |
| vds | | Virtual Disk |
| VSS | | Volume Shadow Copy |
| W32Time | started | Windows Time |
| wbengine | | Block Level Backup Engine Service |
| WcsPlugInService | | Windows Color System |
| WdiServiceHost | | Diagnostic Service Host |
| WdiSystemHost | | Diagnostic System Host |
| Wecsvc | | Windows Event Collector |
| wercplsupport | | Problem Reports and Solutions Control Panel Support |
| WerSvc | | Windows Error Reporting Service |
| WinHttpAutoProxySvc | | WinHTTP Web Proxy Auto-Discovery Service |
| Winmgmt | started | Windows Management Instrumentation |
| WinRM | started | Windows Remote Management (WS-Management) |
| wmiApSrv | | WMI Performance Adapter |
| WPDBusEnum | | Portable Device Enumerator Service |
| wuauserv | started | Windows Update |
| wudfsvc | started | Windows Driver Foundation - User-mode Driver Framework |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Drivers List |
| Name | Status | Description |
| 1394ohci | | 1394 OHCI Compliant Host Controller |
| ACPI | started | Microsoft ACPI Driver |
| AcpiPmi | started | ACPI Power Meter Driver |
| adp94xx | | adp94xx |
| adpahci | | adpahci |
| adpu320 | | adpu320 |
| AFD | started | Ancillary Function Driver for Winsock |
| agp440 | | Intel AGP Bus Filter |
| aliide | | aliide |
| amdide | | amdide |
| AmdK8 | | AMD K8 Processor Driver |
| AmdPPM | | AMD Processor Driver |
| amdsata | | amdsata |
| amdsbs | | amdsbs |
| amdxata | started | amdxata |
| AppID | | AppID Driver |
| arc | | arc |
| arcsas | | arcsas |
| AsyncMac | started | RAS Asynchronous Media Driver |
| atapi | | IDE Channel |
| b06bdrv | started | Broadcom NetXtreme II VBD |
| b57nd60a | | Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 |
| Beep | | Beep |
| blbdrive | started | blbdrive |
| Blfm | started | BASP Virtual Adapter |
| Blfp | | Broadcom Advanced Server Program Driver |
| bowser | started | Browser Support Driver |
| BrFiltLo | | Brother USB Mass-Storage Lower Filter Driver |
| BrFiltUp | | Brother USB Mass-Storage Upper Filter Driver |
| Brserid | | Brother MFC Serial Port Interface Driver (WDM) |
| BrSerWdm | | Brother WDM Serial driver |
| BrUsbMdm | | Brother MFC USB Fax Only Modem |
| BrUsbSer | | Brother MFC USB Serial WDM Driver |
| cdfs | | CD/DVD File System Reader |
| cdrom | | CD-ROM Driver |
| CLFS | started | Common Log (CLFS) |
| CmBatt | | Microsoft ACPI Control Method Battery Driver |
| cmdide | | cmdide |
| CNG | started | CNG |
| Compbatt | | Compbatt |
| CompositeBus | started | Composite Bus Enumerator Driver |
| crcdisk | | Crcdisk Filter Driver |
| dcdbas | started | System Management Driver |
| DfsC | started | DFS Namespace Client Driver |
| discache | started | System Attribute Cache |
| Disk | started | Disk Driver |
| DXGKrnl | | LDDM Graphics Subsystem |
| ebdrv | | Broadcom NetXtreme II 10 GigE VBD |
| eeCtrl | started | Symantec Eraser Control driver |
| elxstor | | elxstor |
| EraserUtilRebootDrv | started | EraserUtilRebootDrv |
| ErrDev | started | Microsoft Hardware Error Device Driver |
| exfat | | exFAT File System Driver |
| fastfat | started | FAT12/16/32 File System Driver |
| fdc | | Floppy Disk Controller Driver |
| FileInfo | | File Information FS MiniFilter |
| Filetrace | | Filetrace |
| flpydisk | | Floppy Disk Driver |
| FltMgr | started | FltMgr |
| FsDepends | | File System Dependency Minifilter |
| gagp30kx | | Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms |
| HDAudBus | | Microsoft UAA Bus Driver for High Definition Audio |
| HidBatt | | HID UPS Battery Driver |
| HidUsb | | Microsoft HID Class Driver |
| HpSAMD | | HpSAMD |
| HTTP | started | HTTP |
| hwpolicy | started | Hardware Policy Driver |
| i8042prt | | i8042 Keyboard and PS/2 Mouse Port Driver |
| iaStorV | | Intel RAID Controller Windows 7 |
| iirsp | | iirsp |
| intelide | | intelide |
| intelppm | started | Intel Processor Driver |
| ioatdma | | Intel(R) QuickData Technology Device |
| IpFilterDriver | | IP Traffic Filter Driver |
| IPMIDRV | started | IPMIDRV |
| IPNAT | | IP Network Address Translator |
| isapnp | | isapnp |
| iScsiPrt | | iScsiPort Driver |
| kbdclass | started | Keyboard Class Driver |
| kbdhid | | Keyboard HID Driver |
| KSecDD | started | KSecDD |
| KSecPkg | started | KSecPkg |
| ksthunk | | Kernel Streaming Thunks |
| l2nd | started | Broadcom NetXtreme II BXND |
| lltdio | started | Link-Layer Topology Discovery Mapper I/O Driver |
| LSI_FC | | LSI_FC |
| LSI_SAS | | LSI_SAS |
| LSI_SAS2 | | LSI_SAS2 |
| LSI_SCSI | | LSI_SCSI |
| luafv | started | UAC File Virtualization |
| megasas | started | megasas |
| megasas2 | started | megasas2 |
| MegaSR | | MegaSR |
| Modem | | Modem |
| monitor | started | Microsoft Monitor Class Function Driver Service |
| mouclass | started | Mouse Class Driver |
| mouhid | | Mouse HID Driver |
| mountmgr | started | Mount Point Manager |
| mpio | | Microsoft Multi-Path Bus Driver |
| mpsdrv | started | Windows Firewall Authorization Driver |
| mrxsmb | started | SMB MiniRedirector Wrapper and Engine |
| mrxsmb10 | started | SMB 1.x MiniRedirector |
| mrxsmb20 | started | SMB 2.0 MiniRedirector |
| msahci | | msahci |
| msdsm | | Microsoft Multi-Path Device Specific Module |
| Msfs | started | Msfs |
| mshidkmdf | | Pass-through HID to KMDF Filter Driver |
| msisadrv | started | msisadrv |
| MsRPC | | MsRPC |
| mssmbios | started | Microsoft System Management BIOS Driver |
| MTConfig | | Microsoft Input Configuration Driver |
| Mup | started | Mup |
| NAVENG | started | NAVENG |
| NAVEX15 | started | NAVEX15 |
| NDIS | started | NDIS System Driver |
| NdisCap | | NDIS Capture LightWeight Filter |
| NdisTapi | started | Remote Access NDIS TAPI Driver |
| Ndisuio | | NDIS Usermode I/O Protocol |
| NdisWan | started | Remote Access NDIS WAN Driver |
| NDProxy | started | NDIS Proxy |
| NetBIOS | started | NetBIOS Interface |
| NetBT | started | NetBT |
| nfrd960 | | nfrd960 |
| Npfs | started | Npfs |
| nsiproxy | started | NSI proxy service driver. |
| Ntfs | started | Ntfs |
| Null | started | Null |
| nvraid | | nvraid |
| nvstor | | nvstor |
| nv_agp | | NVIDIA nForce AGP Bus Filter |
| ohci1394 | | 1394 OHCI Compliant Host Controller (Legacy) |
| Parport | | Parallel port driver |
| partmgr | started | Partition Manager |
| pci | started | PCI Bus Driver |
| pciide | | pciide |
| pcmcia | | pcmcia |
| pcw | started | Performance Counters for Windows Driver |
| PEAUTH | started | PEAUTH |
| percsas2 | started | percsas2 |
| PptpMiniport | started | WAN Miniport (PPTP) |
| Processor | | Processor Driver |
| Psched | started | QoS Packet Scheduler |
| ql2300 | | ql2300 |
| ql40xx | | ql40xx |
| RasAcd | | Remote Access Auto Connection Driver |
| RasAgileVpn | started | WAN Miniport (IKEv2) |
| Rasl2tp | started | WAN Miniport (L2TP) |
| RasPppoe | started | Remote Access PPPOE Driver |
| RasSstp | started | WAN Miniport (SSTP) |
| rdbss | started | Redirected Buffering Sub Sysytem |
| rdpbus | started | Remote Desktop Device Redirector Bus Driver |
| RDPCDD | started | RDPCDD |
| RDPDR | started | Terminal Server Device Redirector Driver |
| RDPENCDD | started | RDP Encoder Mirror Driver |
| RDPREFMP | started | Reflector Display Driver used to gain access to graphics data |
| RDPWD | started | RDP Winstation Driver |
| rspndr | started | Link-Layer Topology Discovery Responder |
| s3cap | | s3cap |
| sacdrv | | sacdrv |
| sbp2port | | SBP-2 Transport/Protocol Bus Driver |
| scfilter | | Smart card PnP Class Filter Driver |
| secdrv | started | Security Driver |
| Serenum | started | Serenum Filter Driver |
| Serial | started | Serial port driver |
| sermouse | | Serial Mouse Driver |
| sffdisk | | SFF Storage Class Driver |
| sffp_mmc | | SFF Storage Protocol Driver for MMC |
| sffp_sd | | SFF Storage Protocol Driver for SDBus |
| sfloppy | | High-Capacity Floppy Disk Drive |
| SiSRaid2 | | SiSRaid2 |
| SiSRaid4 | | SiSRaid4 |
| Smb | | Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session) |
| spldr | started | Security Processor Loader Driver |
| splunkdrv-win6 | started | splunkdrv-win6 |
| SRTSP | started | SRTSP |
| SRTSPL | | SRTSPL |
| SRTSPX | started | SRTSPX |
| srv | started | Server SMB 1.xxx Driver |
| srv2 | started | Server SMB 2.xxx Driver |
| srvnet | started | srvnet |
| stexstor | | stexstor |
| storflt | started | Disk Virtual Machine Bus Acceleration Filter Driver |
| storvsc | | storvsc |
| storvsp | | storvsp |
| swenum | started | Software Bus Driver |
| SymEvent | started | SymEvent |
| Tcpip | started | TCP/IP Protocol Driver |
| TCPIP6 | | Microsoft IPv6 Protocol Driver |
| tcpipreg | started | TCP/IP Registry Compatibility |
| TDPIPE | | TDPIPE |
| TDTCP | started | TDTCP |
| tdx | started | NetIO Legacy TDI Support Driver |
| TermDD | started | Terminal Device Driver |
| tssecsrv | started | Remote Desktop Services Security Filter Driver |
| TsUsbFlt | | TsUsbFlt |
| tunnel | | Microsoft Tunnel Miniport Adapter Driver |
| uagp35 | | Microsoft AGPv3.5 Filter |
| udfs | | udfs |
| uliagpkx | | Uli AGP Bus Filter |
| umbus | started | UMBus Enumerator Driver |
| UmPass | | Microsoft UMPass Driver |
| usbccgp | | Microsoft USB Generic Parent Driver |
| usbehci | started | Microsoft USB 2.0 Enhanced Host Controller Miniport Driver |
| usbhub | started | Microsoft USB Standard Hub Driver |
| usbohci | | Microsoft USB Open Host Controller Miniport Driver |
| usbprint | | Microsoft USB PRINTER Class |
| USBSTOR | | USB Mass Storage Driver |
| usbuhci | started | Microsoft USB Universal Host Controller Miniport Driver |
| vdrvroot | started | Microsoft Virtual Drive Enumerator Driver |
| vga | started | vga |
| VgaSave | started | VgaSave |
| vhdmp | | vhdmp |
| viaide | | viaide |
| Vid | | Vid |
| vmbus | started | Virtual Machine Bus |
| VMBusHID | | VMBusHID |
| volmgr | started | Volume Manager Driver |
| volmgrx | started | Dynamic Volume Manager |
| volsnap | started | Storage volumes |
| vsmraid | | vsmraid |
| WacomPen | | Wacom Serial Pen HID Driver |
| WANARP | | Remote Access IP ARP Driver |
| Wanarpv6 | started | Remote Access IPv6 ARP Driver |
| Wd | | Wd |
| Wdf01000 | started | Kernel Mode Driver Frameworks service |
| WfpLwf | started | WFP Lightweight Filter |
| WIMMount | | WIMMount |
| WinUsb | | WinUSB Driver |
| WmiAcpi | | Microsoft Windows Management Interface for ACPI |
| ws2ifsl | | Winsock IFS Driver |
| WudfPf | started | User Mode Driver Frameworks Platform Driver |
| WUDFRd | | Windows Driver Foundation - User-mode Driver Framework Reflector |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Programs Launched At Startup Through The Registry |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Product Type |
| HKLM\Software\Microsoft\Windows NT\CurrentVersion | ||
| CurrentVersion | = | 6.1 |
| ProductName | = | Windows Server 2008 R2 Enterprise |
| HKLM\SYSTEM\currentControlSet\Control\ProductOptions | ||
| ProductSuite | = | {"Enterprise", "Terminal Server"} |
| ProductType | = | ServerNT |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Registry Key Access Denied |
| HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\Properties\ |
| HKLM\System\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties\ |
| HKLM\System\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}\Properties\ |
| HKLM\System\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}\Properties\ |
| HKLM\System\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties\ |
| HKLM\System\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\Properties\ |
| HKLM\System\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\Properties\ |
| HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\Properties\ |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Internet Explorer Version |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Access to File Share is Enabled |
| Expand | Severity | Title | Port/Service |
|
|
1
|
BITS running on target |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows File Access Denied |
| File path | Error code |
| C:\Documents And Settings | C0000022 |
| C:\Users\Default User | C0000022 |
| C:\Users\All Users | 8000002D |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Enumerate Windows shares and shared directories readable by Everyone |
Columns in RESULTS section: The Share column shows the share name. The Path column shows the path to the share. The Share Account column shows localized human-readable name of the security principal that corresponds to the share SID value. The Share SID column shows security identifier value that can access the network share (Everyone SID is S-1-1-0). The Path Account column shows localized human-readable name of the security principal that corresponds to the path SID value. The Path SID column shows security identifier value that can access the shared directory (Everyone SID is S-1-1-0).
| Share | Path | Share Account | Share SID | Path Account | Path SID | Comments |
| Citrix PVS Vdisks | D:\Citrix PVS Vdisks | Everyone | S-1-1-0 | Everyone | S-1-1-0 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Enumerate Windows shares and shared directories readable by Everyone, Authenticated Users or Domain Users |
Columns in RESULTS section: The Share column shows the share name. The Path column shows the path to the share. The Share Account column shows localized human-readable name of the security principal that corresponds to the share SID value. The Share SID column shows security identifier value that can access the network share (Everyone SID is S-1-1-0, Authenticated Users SID is S-1-5-11, Domain Users is S-1-5-domain-513). The Path Account column shows localized human-readable name of the security principal that corresponds to the path SID value. The Path SID column shows security identifier value that can access the shared directory (Everyone SID is S-1-1-0, Authenticated Users SID is S-1-5-11, Domain Users is S-1-5-domain-513). All combinations of access to the share and the shared directory by Everyone, Authenticated Users, or Domain Users principals are reported in the separate rows. This includes Domain Users from multiple domains.
| Share | Path | Share Account | Share SID | Path Account | Path SID | Comments |
| Citrix PVS Vdisks | D:\Citrix PVS Vdisks | Everyone | S-1-1-0 | Everyone | S-1-1-0 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Automatic Update Information |
If "AUOptions" = 2, the option used is: "Notify me before downloading any updates and notify me again before installing them on the computer".
If "AUOptions" = 3, the option used is: "Download the updates automatically and notify me when they are ready to be installed".
If "AUOptions" = 4, the option used is: "Automatically Download the updates, and install them on the schedule that I specify".
"ScheduledInstallTime" is the hour (in hexadecimal) to install the updates. If "ScheduledInstallDay" is not present, Windows will try the automatic install process every day. If "ScheduledInstallDay" is defined, Windows will try the automatic install process on the day of the week specified. For example, "ScheduledInstallDay" = 1 means that the update occurs every Sunday.
It also enumerates the update server information if configured.
This feature is configurable through either Control Panel or through Group Policy Administrative Template available under Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update.
On Windows 2000, click Settings on the Start menu, select Control Panel, and then open Automatic Updates.
On Windows XP, click Settings on the Start menu, select Control Panel, select System, and then open Automatic Updates.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Registry Access Level |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft Windows System Hardware Enumeration, CPU |
| HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | ||
| Identifier | = | Intel64 Family 6 Model 26 Stepping 5 |
| ProcessorNameString | = | Intel(R) Xeon(R) CPU X5570 @ 2.93GHz |
| VendorIdentifier | = | GenuineIntel |
| ~MHz | = | 2933 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft Windows System Hardware Enumeration, Networking Components |
| HKLM\SYSTEM\CurrentControlSet\Enum\b06bdrv\L2ND&PCI_163B14E4&SUBSYS_02F11028&REV_20\5&15451eae&0&20050100\Control | {4d36e972-e325-11ce-bfc1-08002be10318}\0007 |
| Dev: | @oem5.inf, %bcm5716c_desc%;Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client) |
| Manufacturer: | @oem5.inf, %brcm%;Broadcom Corporation |
| Service: | l2nd |
| Driver Instance: | {4d36e972-e325-11ce-bfc1-08002be10318}\0007 |
| Driver Description: | Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client) |
| Driver_Date: | 12-17-2009 |
| Driver_Version: | 5.2.14.0 |
| HKLM\SYSTEM\CurrentControlSet\Enum\b06bdrv\L2ND&PCI_163B14E4&SUBSYS_02F11028&REV_20\5&22f303b&0&20050100\Control | {4d36e972-e325-11ce-bfc1-08002be10318}\0010 |
| Dev: | @oem5.inf, %bcm5716c_desc%;Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client) |
| Manufacturer: | @oem5.inf, %brcm%;Broadcom Corporation |
| Service: | l2nd |
| Driver Instance: | {4d36e972-e325-11ce-bfc1-08002be10318}\0010 |
| Driver Description: | Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client) |
| Driver_Date: | 12-17-2009 |
| Driver_Version: | 5.2.14.0 |
| HKLM\SYSTEM\CurrentControlSet\Enum\sw\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Control | {4d36e972-e325-11ce-bfc1-08002be10318}\0011 |
| Dev: | @netrasa.inf, %mp-asyncmac-dispname%;RAS Async Adapter |
| Manufacturer: | @netrasa.inf, %msft%;Microsoft |
| Service: | AsyncMac |
| Driver Instance: | {4d36e972-e325-11ce-bfc1-08002be10318}\0011 |
| Driver Description: | RAS Async Adapter |
| Driver_Date: | 6-21-2006 |
| Driver_Version: | 6.1.7600.16385 |
| HKLM\SYSTEM\CurrentControlSet\Enum\b06bdrv\L2ND&PCI_163914E4&SUBSYS_090714E4&REV_20\5&260f44f1&0&20050500\Control | {4d36e972-e325-11ce-bfc1-08002be10318}\0013 |
| Dev: | @oem5.inf, %bcm5709c_desc%;Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client) |
| Manufacturer: | @oem5.inf, %brcm%;Broadcom Corporation |
| Service: | l2nd |
| Driver Instance: | {4d36e972-e325-11ce-bfc1-08002be10318}\0013 |
| Driver Description: | Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client) |
| Driver_Date: | 12-17-2009 |
| Driver_Version: | 5.2.14.0 |
| HKLM\SYSTEM\CurrentControlSet\Enum\b06bdrv\L2ND&PCI_163914E4&SUBSYS_090714E4&REV_20\5&13e1a90e&0&20050500\Control | {4d36e972-e325-11ce-bfc1-08002be10318}\0015 |
| Dev: | @oem5.inf, %bcm5709c_desc%;Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client) |
| Manufacturer: | @oem5.inf, %brcm%;Broadcom Corporation |
| Service: | l2nd |
| Driver Instance: | {4d36e972-e325-11ce-bfc1-08002be10318}\0015 |
| Driver Description: | Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client) |
| Driver_Date: | 12-17-2009 |
| Driver_Version: | 5.2.14.0 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft Windows System Hardware Enumeration: Serial, Parallel and USB Device Drivers |
For serial ports and parallel ports, this information is provided: name, status, I/O port (the communication channel among hardware devices installed on the computer), IRQ channel, and driver.
| HKLM\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0501\1\Control | {4d36e978-e325-11ce-bfc1-08002be10318}\0000 |
| Dev: | @msports.inf, %*pnp0501.devicedesc%;Communications Port |
| Manufacturer: | @msports.inf, %std%;(Standard port types) |
| Service: | Serial |
| Driver Instance: | {4d36e978-e325-11ce-bfc1-08002be10318}\0000 |
| Driver Description: | Communications Port |
| Driver_Date: | 6-21-2006 |
| Driver_Version: | 6.1.7600.16385 |
| HKLM\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0501\2\Control | {4d36e978-e325-11ce-bfc1-08002be10318}\0001 |
| Dev: | @msports.inf, %*pnp0501.devicedesc%;Communications Port |
| Manufacturer: | @msports.inf, %std%;(Standard port types) |
| Service: | Serial |
| Driver Instance: | {4d36e978-e325-11ce-bfc1-08002be10318}\0001 |
| Driver Description: | Communications Port |
| Driver_Date: | 6-21-2006 |
| Driver_Version: | 6.1.7600.16385 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft Windows Audit Settings Enumerated From LSA |
You should specify an administrator privileged user in the "Windows Authentication Record" preferences of QualysGuard for this detection to be successful.
Use the MMC snapin "Administrative Tools" - "Local Security Policy" to change the settings. These options are listed under "Local Policy" - "Audit Policy".
| Audit system events | No Auditing |
| Audit logon events | No Auditing |
| Audit object access | No Auditing |
| Audit privilege use | No Auditing |
| Audit process tracking | No Auditing |
| Audit policy change | No Auditing |
| Audit account management | No Auditing |
| Audit directory service access | No Auditing |
| Audit account logon events | No Auditing |
| Expand | Severity | Title | Port/Service |
|
|
1
|
File Access Permissions for Regedt32.exe |
| Expand | Severity | Title | Port/Service |
|
|
1
|
File Access Permissions for Regedit.exe |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft Windows System EventLog Policy Parameters |
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System
RestrictGuestAccess - Setting this to 1 prevents guests and anonymous user accounts from having read access to the System EventLog.
MaxSize - This value specifies the maximum size limit for the System EventLog database.
Retention - This value specifies the overwrite behavior for the System EventLog. 0 means overwrite as needed. 0xffffffff means do not overwrite events, and other values specify number of days that eventlog entries are preserved before overwriting.
| HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System | ||
| MaxSize | = | 33554432 |
| Retention | = | 0 |
| RestrictGuestAccess | = | 1 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft Windows Application EventLog Policy Parameters |
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
RestrictGuestAccess - Setting this to 1 prevents guests and anonymous user accounts from having read access to the Application EventLog database.
MaxSize - This value specifies the maximum size limit for the Application EventLog database.
Retention - This value specifies the overwrite behavior for the Application EventLog. 0 means overwrite as needed. 0xffffffff means do not overwrite events, and other values specify the number of days of eventlog entries that are preserved before overwriting.
| HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application | ||
| MaxSize | = | 33554432 |
| Retention | = | 0 |
| RestrictGuestAccess | = | 1 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft Windows Security EventLog Policy Parameters |
RestrictGuestAccess - Setting this to 1 prevents guests and anonymous user accounts from having read access to the Security EventLog.
MaxSize - This value specifies the maximum size limit for the Security EventLog database.
Retention - This value specifies the overwrite behavior for the Security EventLog. 0 means overwrite as needed. 0xffffffff means do not overwrite events, and other values specify the number of days of eventlog entries that are preserved before overwriting.
| HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security | ||
| MaxSize | = | 268435456 |
| Retention | = | 0 |
| RestrictGuestAccess | = | 1 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Message For Users Attempting To Logon To Windows System |
LegalNoticeCaption (REG_SZ) and LegalNoticeText (REG_SZ)
| Expand | Severity | Title | Port/Service |
|
|
1
|
Group Policy Objects Processed By SecCli are Enumerated from History Log |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Builtin User Group Membership Audit - Backup Operators |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Builtin User Group Membership Audit - Replicator |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Builtin User Group Membership Audit - Network Configuration Operators |
| Expand | Severity | Title | Port/Service |
|
|
1
|
IPSEC Policy Agent Service Status Detected |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Internet Explorer Search Companion Setting |
| KEY: | Software\Microsoft\Internet Explorer\Main | Use Search Asst |
| Local_System | Last Change: | value_missing_Q |
| Local_Service | Last Change: | value_missing_Q |
| Network_Service | Last Change: | value_missing_Q |
| S-1-5-21-211078830-3296991091-4275501491-1000 | Last Change: | value_missing_Q |
| S-1-5-21-211078830-3296991091-4275501491-1001 | Last Change: | value_missing_Q |
| Domain_Administrator | Last Change: | value_missing_Q |
| AD\thensley.adm | Last Change: | value_missing_Q |
| S-1-5-21-344340502-4252695000-2390403120-1277589 | Last Change: | value_missing_Q |
| AD\hmeriwet.adm | Last Change: | value_missing_Q |
| AD\semone.adm | Last Change: | value_missing_Q |
| AD\noel.adm | Last Change: | value_missing_Q |
| AD\haro.adm | Last Change: | value_missing_Q |
| AD\jamesfox.adm | Last Change: | value_missing_Q |
| AD\dewilde.adm | Last Change: | value_missing_Q |
| AD\brinegar.adm | Last Change: | value_missing_Q |
| AD\zfisher.adm | Last Change: | value_missing_Q |
| AD\tcandrew.adm | Last Change: | value_missing_Q |
| AD\dadesky.adm | Last Change: | value_missing_Q |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Microsoft Silverlight Version |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Forensics MRU Enumeration - Regedit.exe |
| Key: | Software\Microsoft\Windows\CurrentVersion\Applets\Regedit | Value: | Lastkey |
| User: | AD\semone.adm | VAL: | Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0015 |
| Key: | Software\Microsoft\Windows\CurrentVersion\Applets\Regedit | Value: | Lastkey |
| User: | AD\brinegar.adm | VAL: | Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Windows Forensics MRU Enumeration - WordPad Files |
| Key: | Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List | Value: | File1 |
| User: | AD\semone.adm | VAL: | C:\Users\semone.adm\Desktop\proserver.properties |
| Key: | Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List | Value: | File1 |
| User: | AD\jamesfox.adm | VAL: | D:\BackupServer\ocs-managed\asdc2.asntdomain1.cas.unc.edu\readmet.rtf |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Default Web Page | port 4280/tcp |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Web Server Supports HTTP Request Pipelining | port 4280/tcp |
The target Web server was found to support this functionality of the HTTP 1.1 protocol.
| Expand | Severity | Title | Port/Service |
|
|
1
|
Web Server Version | crashplan.oasis.unc.edu:4280/tcp |
| Server Version | Server Banner |
| Jetty(7.6.3.v20120416) | Jetty(7.6.3.v20120416) |
| Expand | Severity | Title | Port/Service |
|
|
1
|
List of Web Directories | crashplan.oasis.unc.edu:4280/tcp |
| Directory | Source |
| /console/ | brute force |
| /console/ | web page |
| /console/shared/ | web page |
| /console/shared/js/ | web page |
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSL Server Information Retrieval | port 3071/tcp over SSL |
The following is a list of supported SSL ciphers.
Note: If a cipher is included in this list, it means that it was possible to establish an SSL connection using that cipher. Some web server setups allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-LOW grade cipher. In this case, even though the LOW grade cipher will be listed here, QID 38140 will not be reported.
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSL/TLS invalid protocol version tolerance | port 3071/tcp over SSL |
| my version | target version |
| 0304 | 0301 |
| 0399 | 0301 |
| 0400 | rejected |
| 0499 | rejected |
| Expand | Severity | Title | Port/Service |
|
|
1
|
TLS Secure Renegotiation Extension Supported | port 3071/tcp over SSL |
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSL Server Information Retrieval | port 27599/tcp over SSL |
The following is a list of supported SSL ciphers.
Note: If a cipher is included in this list, it means that it was possible to establish an SSL connection using that cipher. Some web server setups allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-LOW grade cipher. In this case, even though the LOW grade cipher will be listed here, QID 38140 will not be reported.
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSL Session Caching Information | port 27599/tcp over SSL |
This test determines if SSL session caching is enabled on the host.
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSL/TLS invalid protocol version tolerance | port 27599/tcp over SSL |
| my version | target version |
| 0304 | 0301 |
| 0399 | 0301 |
| 0400 | 0301 |
| 0499 | 0301 |
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSL Certificate will expire within next six months | port 27599/tcp over SSL |
| Expand | Severity | Title | Port/Service |
|
|
1
|
TLS Secure Renegotiation Extension Supported | port 27599/tcp over SSL |
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSL Certificate - Information | port 27599/tcp over SSL |
| NAME | VALUE |
| (0)CERTIFICATE 0 | |
| (0)Version | 3 (0x2) |
| (0)Serial Number | 72:cc:4c:6c:b0:8d:d9:b8:40:d5:5c:85:08:41:3f:53 |
| (0)Signature Algorithm | sha1WithRSAEncryption |
| (0)ISSUER NAME | |
| commonName | CAS-ENTBKUP1.ad.unc.edu |
| (0)SUBJECT NAME | |
| commonName | CAS-ENTBKUP1.ad.unc.edu |
| (0)Valid From | Dec 12 14:10:06 2012 GMT |
| (0)Valid Till | Jun 13 14:10:06 2013 GMT |
| (0)Public Key Algorithm | rsaEncryption |
| (0)RSA Public Key | (2048 bit) |
| (0) | Public-Key: (2048 bit) |
| (0) | Modulus: |
| (0) | Exponent: 65537 (0x10001) |
| (0)X509v3 EXTENSIONS | |
| (0)X509v3 Extended Key Usage | TLS Web Server Authentication |
| (0)X509v3 Key Usage | Key Encipherment, Data Encipherment |
| (0)Signature | (256 octets) |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Default Web Page | port 4285/tcp over SSL |
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSL Server Information Retrieval | port 4285/tcp over SSL |
The following is a list of supported SSL ciphers.
Note: If a cipher is included in this list, it means that it was possible to establish an SSL connection using that cipher. Some web server setups allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-LOW grade cipher. In this case, even though the LOW grade cipher will be listed here, QID 38140 will not be reported.
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSL Session Caching Information | port 4285/tcp over SSL |
This test determines if SSL session caching is enabled on the host.
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSL/TLS invalid protocol version tolerance | port 4285/tcp over SSL |
| my version | target version |
| 0304 | 0301 |
| 0399 | 0301 |
| 0400 | rejected |
| 0499 | rejected |
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSL Certificate will expire within next six months | port 4285/tcp over SSL |
| Expand | Severity | Title | Port/Service |
|
|
1
|
TLS Secure Renegotiation Extension Supported | port 4285/tcp over SSL |
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSL Certificate - Information | port 4285/tcp over SSL |
| NAME | VALUE |
| (0)CERTIFICATE 0 | |
| (0)Version | 1 (0x0) |
| (0)Serial Number | 1221750756 (0x48d26fe4) |
| (0)Signature Algorithm | md5WithRSAEncryption |
| (0)ISSUER NAME | |
| countryName | US |
| stateOrProvinceName | Minnesota |
| localityName | Minneapolis |
| organizationName | CrashPlan |
| organizationalUnitName | PRO Server |
| commonName | Unknown |
| (0)SUBJECT NAME | |
| countryName | US |
| stateOrProvinceName | Minnesota |
| localityName | Minneapolis |
| organizationName | CrashPlan |
| organizationalUnitName | PRO Server |
| commonName | Unknown |
| (0)Valid From | Sep 18 15:12:36 2008 GMT |
| (0)Valid Till | Sep 17 15:12:36 2013 GMT |
| (0)Public Key Algorithm | rsaEncryption |
| (0)RSA Public Key | (1024 bit) |
| (0) | Public-Key: (1024 bit) |
| (0) | Modulus: |
| (0) | Exponent: 65537 (0x10001) |
| (0)Signature | (128 octets) |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Web Server Supports HTTP Request Pipelining | port 4285/tcp over SSL |
The target Web server was found to support this functionality of the HTTP 1.1 protocol.
| Expand | Severity | Title | Port/Service |
|
|
1
|
SSL Web Server Version | crashplan.oasis.unc.edu:4285/tcp |
| Server Version | Server Banner |
| Jetty(7.6.3.v20120416) | Jetty(7.6.3.v20120416) |
| Expand | Severity | Title | Port/Service |
|
|
1
|
List of Web Directories | crashplan.oasis.unc.edu:4285/tcp |
| Directory | Source |
| /console/ | brute force |
| /console/ | web page |
| /console/shared/ | web page |
| /console/shared/js/ | web page |
| Expand | Severity | Title | Port/Service |
|
|
1
|
Built-in Guest Account Not Renamed at Windows Target System |
| Expand | Severity | Title | Port/Service |
|
|
3
|
SSL Server Supports Weak Encryption Vulnerability | port 1311/tcp over SSL |
SSL encryption ciphers are classified based on encryption key length as follows:
Messages encrypted with LOW encryption ciphers are easy to decrypt. Commercial SSL servers should only support MEDIUM or HIGH strength ciphers to guarantee transaction security.
The following link provides more information about this vulnerability:
Please note that this detection only checks for weak cipher support at the SSL layer. Some servers may implement additional protection at the data layer. For example, some SSL servers and SSL proxies (such as SSL accelerators) allow cipher negotiation to complete but send back an error message and abort further communication on the secure channel. This vulnerability may not be exploitable for such configurations.
Apache
Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
For Apache/apache_ssl include the following line in the configuration file (httpsd.conf):
SSLRequireCipher ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
Tomcat
sslProtocol="SSLv3"
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
IIS
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll (Windows restart required)
How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services (Windows restart required)
Security Guidance for IIS
For Novell Netware 6.5, please refer to the following document: SSL Allows the use of Weak Ciphers (TID10100633).
| CIPHER | KEY-EXCHANGE | AUTHENTICATION | MAC | ENCRYPTION(KEY-STRENGTH) | GRADE |
| SSLv3 WEAK CIPHERS | |||||
| EDH-RSA-DES-CBC-SHA | DH | RSA | SHA1 | DES(56) | LOW |
| DES-CBC-SHA | RSA | RSA | SHA1 | DES(56) | LOW |
| EXP-EDH-RSA-DES-CBC-SHA | DH(512) | RSA | SHA1 | DES(40) | LOW |
| EXP-DES-CBC-SHA | RSA(512) | RSA | SHA1 | DES(40) | LOW |
| EXP-RC4-MD5 | RSA(512) | RSA | MD5 | RC4(40) | LOW |
| TLSv1 WEAK CIPHERS | |||||
| EDH-RSA-DES-CBC-SHA | DH | RSA | SHA1 | DES(56) | LOW |
| DES-CBC-SHA | RSA | RSA | SHA1 | DES(56) | LOW |
| EXP-EDH-RSA-DES-CBC-SHA | DH(512) | RSA | SHA1 | DES(40) | LOW |
| EXP-DES-CBC-SHA | RSA(512) | RSA | SHA1 | DES(40) | LOW |
| EXP-RC4-MD5 | RSA(512) | RSA | MD5 | RC4(40) | LOW |
| Expand | Severity | Title | Port/Service |
|
|
3
|
SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability | port 1311/tcp over SSL |
In SSLv3.0 and TLSv1.0, the way CBC mode is used is poor because all traffic shares one CBC session with a single set of initial IVs. The remaining IVs are, as mentioned above, the results of encrypting the previous blocks, so the subsequent IVs are available to eavesdroppers. This allows an attacker who can inject arbitrary traffic into the plaintext stream (to be encrypted by the client) to verify a guess of the plaintext preceding the injected block. If the attacker's guess is correct, the output of the encryption will be the same for two blocks.
For low-entropy data it is possible to guess the plaintext block with relatively few attempts. For example, for data that has 1000 possibilities the number of attempts can be 500.
For more information please see a paper by Gregory V. Bard.
Setting your SSL server to prioritize RC4 ciphers mitigates this vulnerability. Microsoft has posted information including workarounds for IIS at KB2588513.
Using the following SSL configuration in Apache mitigates this vulnerability:
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH
Qualys SSL/TLS Deployment Best Practices can be found here.
| Available non CBC cipher | Server's choice | SSL version |
| RC4-SHA | EDH-RSA-DES-CBC3-SHA | SSLv3 |
| RC4-SHA | EDH-RSA-DES-CBC3-SHA | TLSv1 |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Hidden RPC Services |
When the portmapper/rpcbind is removed or firewalled, standard RPC client programs fail to obtain the portmapper list. However, by sending carefully crafted packets, it's possible to determine which RPC programs are listening on which port. This technique is known as direct RPC scanning. It's used to bypass portmapper/rpcbind in order to find RPC programs running on a port (TCP or UDP ports). On Linux servers, RPC services are typically listening on privileged ports (below 1024), whereas on Solaris, RPC services are on temporary ports (starting with port 32700).
| Name | Program | Version | Protocol | Port |
| nfs | 100003 | 2-3 | tcp | 2049 |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Global User List |
| User Name | Source Vulnerability (QualysID) |
| cas.admin | 45032 |
| Guest | 90266, 45027, 45031 |
| balen | 45031, 105234 |
| Expand | Severity | Title | Port/Service |
|
|
2
|
NetBIOS Name Accessible |
| Expand | Severity | Title | Port/Service |
|
|
2
|
Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure |
When an RDP client initiates a session with an RDP server, the server responds with a server certificate containing an RSA public key and its digital signature. The client decrypts the signature using the server's public key and compares the result with the hash of the new public key received from the server to verify the identity of the server.
The vulnerability presents itself because a private key that is used to sign the Terminal Server public key is hardcoded in "mstlsapi.dll". A subroutine of the "TLSInit" API dynamically creates, uses and de-allocates this key.
Workarounds:
- As there is no patch, this vulnerability should be mitigated by using some semblance of network filtering (e.g., firewalling RDP off from the open Internet).
For Windows Server 2003, the security of Terminal Server can be enhanced by configuring Terminal Services connections to use Transport Layer Security (TLS) 1.0 for server authentication, and to encrypt terminal server communications. Please refer to cc782610 to obtain additional details.
| Expand | Severity | Title | Port/Service |
|
|
2
|
Unused Active Windows Accounts Found |
| Expand | Severity | Title | Port/Service |
|
|
2
|
SSL Certificate - Self-Signed Certificate | port 1311/tcp over SSL |
The client can trust that the Server Certificate belongs to the server only if it is signed by a mutually trusted third-party Certificate Authority (CA). Self-signed certificates are generally created for testing purposes or to avoid paying third-party CAs. These should not be used on any production or critical servers.
By exploiting this vulnerability, an attacker can impersonate the server by presenting a fake self-signed certificate. If the client knows that the server does not have a trusted certificate, it will accept this spoofed certificate and communicate with the remote server.
| Expand | Severity | Title | Port/Service |
|
|
2
|
SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 1311/tcp over SSL |
A certificate whose Subject commonName or subjectAltName does not match the server FQDN offers only encryption without authentication.
Please note that a false positive reporting of this vulnerability is possible in the following case:
| Expand | Severity | Title | Port/Service |
|
|
2
|
SSL Certificate - Signature Verification Failed Vulnerability | port 1311/tcp over SSL |
If a client is unable to verify the certificate, it can abort communication or prompt the user to continue the communication without authentication.
Exception:
If the server communicates only with a restricted set of clients who have the server certificate or the trusted CA certificate, then the server or CA certificate may not be available publicly, and the scan will be unable to verify the signature.
| Expand | Severity | Title | Port/Service |
|
|
3
|
SMB Signing Disabled or SMB Signing Not Required |
SMB signing adds security to a network using NetBIOS, avoiding man-in-the-middle attacks.
When SMB signing is enabled on both the client and the server, SMB sessions are authenticated between the machines on a packet-by-packet basis.
Please refer to Microsoft's article 887429 for information on enabling SMB signing.
For Windows Server 2008 R2, Windows Server 2012, please refer to Microsoft's article Require SMB Security Signatures for information on enabling SMB signing.
| Expand | Severity | Title | Port/Service |
|
|
2
|
Windows User Accounts With Unchanged Passwords |
| Expand | Severity | Title | Port/Service |
|
|
2
|
TLS Protocol Session Renegotiation Security Vulnerability | port 1311/tcp over SSL |
The TLS protocol is prone to a security vulnerability that allows for man-in-the-middle attacks. Note that this issue does not allow attackers to decrypt encrypted data.
Specifically, the issue exists in the way applications handle the session renegotiation process and may allow attackers to inject arbitrary plaintext into the beginning of the application protocol stream. The attack has been confirmed to work with HTTP as the application protocol, but it is believed to also be possible with other protocols that are layered on TLS.
Mitigating factors: To successfully exploit this vulnerability a full man-in-the-middle control of the TCP connection is required. The attacker needs to accept the TCP connection from the client and establish a new connection to the server.
Workaround:
OpenSSL has provided a version (0.9.8l) that has a workaround. Please refer to OpenSSL Change Log (Changes between 0.9.8k and 0.9.8l Section) to obtain additional details.
Microsoft has provided the following workaround:
- Enable SSLAlwaysNegoClientCert on IIS 6 and above: Web servers running IIS 6 and later that are affected because they require mutual authentication by requesting a client certificate, can be hardened by enabling the SSLAlwaysNegoClientCert setting. This will cause IIS to prompt the client for a certificate upon the initial connection, and does not require a server-initiated renegotiation.
Impact of the workaround: Setting this flag will require the client to authenticate prior to loading any element from the SSL-protected web site. This will cause the browser to always prompt the user for a client certificate upon connecting to the SSL protected Web site.
Refer to Microsoft Security Advisory 977377 for further details on applying the workarounds. Additional information is also available at KB977377.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
| Severity | Title | Port/Service |
| 2 | Deprecated Public Key Length | port 1311/tcp over SSL |
| Severity | Title | Port/Service |
| 3 | Remote Access or Management Service Detected | |
The Results section includes information on the remote access service that was found on the target.
Services like Telnet, Rlogin, SSH, Windows Remote Desktop, pcAnywhere, Citrix Management Console, Remote Admin (RAdmin), VNC, OpenVPN and ISAKMP are checked.
| Severity | Title | Port/Service |
| 3 | Accounts Enumerated From SAM Database Whose Passwords Do Not Expire | |
| Severity | Title | Port/Service |
| 3 | NetBIOS Bindings Information | |
| Name | Service | NetBIOS Suffix |
| CAS-PY-DFS1B | Workstation Service | 0x0 |
| AD | Domain Name | 0x0 |
| CAS-PY-DFS1B | File Server Service | 0x20 |
| Severity | Title | Port/Service |
| 3 | NetBIOS Shared Folders | |
| Device Name | Comment | Type | Label | Size | Description |
| ADMIN$ | Remote Admin | -2147483648 | | | |
| andilab | | 0 | | | |
| arnoldlab | | 0 | | | |
| arnoldlab2 | | 0 | | | |
| C$ | Default share | -2147483648 | | | |
| D$ | Default share | -2147483648 | | | |
| E$ | Default share | -2147483648 | | | |
| F$ | Default share | -2147483648 | | | |
| fac | | 0 | | | |
| facwebsite | | 0 | | | |
| gordongroup | | 0 | | | |
| grad | | 0 | | | |
| IPC$ | Remote IPC | -2147483645 | | | |
| paolab | | 0 | | | |
| peter | | 0 | | | |
| staff | | 0 | | | |
| wrkgrps | | 0 | | | |
| Severity | Title | Port/Service |
| 2 | Operating System Detected | |
1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating system TCP/IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this "fingerprinting" technique, the OS version is among those listed below.
Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the version of the operating system detected may be that for the firewall instead of for the host being scanned.
2) NetBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. NetBIOS relies on a message format called Server Message Block (SMB).
3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTML-embedded scripting language used to create dynamic Web pages. Under some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information.
4) SNMP: The Simple Network Monitoring Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service maintains a Management Information Base (MIB), a set of variables (database) that can be fetched by Managers. These include "MIB_II.system.sysDescr" for the operating system.
| Operating System | Technique | ID |
| Windows 2008 Enterprise Server Service Pack 2 | CIFS via TCP Port 445 | |
| Windows Vista / Windows 2008 / Windows 7 | TCP/IP Fingerprint | U2514:135 |
| Windows 2003/XP/Vista/2008 | MS-RPC | Fingerprint |
| Windows 2008/Vista | NTLMSSP | |
| Severity | Title | Port/Service |
| 2 | Windows Effective Password Policy Information Gathering Via SAM Database | |
Minimum Password Age in Days
Maximum Password Age in Days
Minimum Password Length in Characters
Password History (Number of old passwords remembered)
The policy is the effective policy, which is a combination of the local policy settings (if any) and the domain-wide policy settings made on the Domain Controller(s) for the domain.
This probe requires authentication to be successful.
| Severity | Title | Port/Service |
| 2 | Windows Domain Effective Account Lockout Policy Information Gathered Via SAM Database | |
Note that if the Domain Controller/Active Directory on this domain enforces a policy as well, the Domain Controller policy will override the local policies (if any) of each host. Further, it takes up to a couple of minutes for changes to the Domain Controller policy to be propagated to all the individual hosts on that domain.
| Severity | Title | Port/Service |
| 2 | Open DCE-RPC / MS-RPC Services List | |
| Description | Version | TCP Ports | UDP Ports | HTTP Ports | NetBIOS/CIFS Pipes |
| DCE Endpoint Mapper | 3.0 | 135 | | | \PIPE\epmapper |
| DCE Remote Management | 1.0 | | | | \PIPE\epmapper |
| DCOM OXID Resolver | 0.0 | 135 | | | \PIPE\epmapper |
| DCOM Remote Activation | 0.0 | 135 | | | \PIPE\epmapper |
| DCOM System Activator | 0.0 | 135 | | | \PIPE\epmapper |
| Microsoft Event Log Service | 0.0 | | | | \PIPE\eventlog |
| Microsoft Local Security Architecture | 0.0 | | | | \PIPE\lsarpc |
| Microsoft Network Logon | 1.0 | | | | \PIPE\NETLOGON |
| Microsoft Registry | 1.0 | | | | \PIPE\winreg |
| Microsoft Scheduler Control Service | 1.0 | | | | \PIPE\atsvc |
| Microsoft Security Account Manager | 1.0 | 49154 | | | \PIPE\samr, \pipe\lsass |
| Microsoft Server Service | 3.0 | | | | \PIPE\srvsvc |
| Microsoft Service Control Service | 2.0 | 55177 | | | \PIPE\svcctl |
| Microsoft Spool Subsystem | 1.0 | 49164 | | | |
| Microsoft Task Scheduler | 1.0 | | | | \PIPE\atsvc |
| Microsoft Workstation Service | 1.0 | | | | \PIPE\wkssvc |
| WinHttp Auto-Proxy Service | 5.1 | | | | \PIPE\W32TIME_ALT, \PIPE\wkssvc |
| (Unknown Service) | 1.0 | 135 | | | |
| (Unknown Service) | 0.0 | 135 | | | |
| (Unknown Service) | 2.0 | 135 | | | |
| RPC ROUTER SERVICE | 1.0 | | | | \PIPE\ROUTER |
| Impl friendly name | 1.0 | 49155 | | | \pipe\lsass, \PIPE\ROUTER, \PIPE\srvsvc, \PIPE\atsvc |
| (Unknown Service) | 1.0 | 49152 | | | \PIPE\InitShutdown |
| (Unknown Service) | 1.0 | | | | \PIPE\InitShutdown |
| DHCP Client LRPC Endpoint | 1.0 | 49153 | | | \pipe\eventlog |
| DHCPv6 Client LRPC Endpoint | 1.0 | 49153 | | | \pipe\eventlog |
| Event log TCPIP | 1.0 | 49153 | | | \pipe\eventlog |
| (Unknown Service) | 1.0 | 49155 | | | \PIPE\ROUTER, \PIPE\srvsvc, \PIPE\atsvc |
| IKE/Authip API | 1.0 | 49155 | | | \PIPE\atsvc |
| (Unknown Service) | 1.0 | 49155 | | | \PIPE\atsvc |
| Remote Fw APIs | 1.0 | 49164 | | | |
| Unimodem LRPC Endpoint | 1.0 | | | | \pipe\tapsrv |
| Frs2 Service | 1.0 | 55196 | | | |
| Severity | Title | Port/Service |
| 2 | Host Uptime Based on TCP TimeStamp Option | |
Some operating systems (e.g., MacOS, OpenBSD) use a non-zero, probably random, initial value for the timestamp. For these operating systems, the uptime obtained does not reflect the actual uptime of the host; the former is always larger than the latter.
| Severity | Title | Port/Service |
| 2 | Real Name of Built-in Guest Account Enumerated | |
| Severity | Title | Port/Service |
| 1 | DNS Host Name | |
| IP address | Host name |
| 152.2.41.165 | cas-py-dfs1b.ad.unc.edu |
| Severity | Title | Port/Service |
| 1 | Firewall Detected | |
| Severity | Title | Port/Service |
| 1 | Network Adapter MAC Address | |
| Method | MAC Address | Vendor |
| NBTSTAT | 00:22:19:2C:6F:AA |
| Severity | Title | Port/Service |
| 1 | Target Network Information | |
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information.
| Severity | Title | Port/Service |
| 1 | Internet Service Provider | |
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information. This information was gathered using the WHOIS service for the network and is believed to be the ISP of the target network.
| Severity | Title | Port/Service |
| 1 | Traceroute | |
| Hops | IP | Round Trip Time | Probe |
| 1 | 152.2.20.1 | 0.40ms | ICMP |
| 2 | 152.19.253.105 | 0.87ms | ICMP |
| 3 | 152.19.255.254 | 0.97ms | ICMP |
| 4 | 152.19.255.210 | 1.02ms | ICMP |
| 5 | 152.2.41.165 | 1.47ms | ICMP |
| Severity | Title | Port/Service |
| 1 | Disabled Accounts Enumerated From SAM Database | |
| Severity | Title | Port/Service |
| 1 | Administrator Account's Real Name Found From LSA Enumeration | |
Windows systems by default have the administrator account's name configured as "Administrator". This can very easily be changed to a non-default value (like root, for example) to harden security against password brute-forcing.
LSA, internally, refers to user accounts by what are called RIDs (Relative IDs) instead of the friendlier names (like "Administrator") used only for GUI and display purposes. The administrator account on any Windows system always has a RID of 500, even if the name has been changed.
The scanner probed the LSA for the name that maps to the RID of 500, which is the administrator account name, changed or unchanged. The name is listed in the Result section below.
| Severity | Title | Port/Service |
| 1 | Host Scan Time | |
The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.
| Severity | Title | Port/Service |
| 1 | Host Names Found | |
| Host Name | Source |
| CAS-PY-DFS1B.ad.unc.edu | NTLM DNS |
| cas-py-dfs1b.ad.unc.edu | FQDN |
| CAS-PY-DFS1B | NTLM NetBIOS |
| CAS-PY-DFS1B | NetBIOS |
| Severity | Title | Port/Service |
| 1 | Windows Authentication Method | |
The service also attempts to authenticate using common credentials. You should verify that the credentials used for successful authentication were those that were provided in the Windows authentication record. User-provided credentials failed if the discovery method shows "Unable to log in using credentials provided by user, fallback to NULL session". If this is the case, verify that the credentials specified in the Windows authentication record are valid for this host.
| User Name | DOM qualys.scn |
| Domain | AD |
| Authentication Scheme | Kerberos |
| Security | User-based |
| SMBv1 Signing | Disabled |
| Discovery Method | Login credentials provided by user |
| Authentication Record | AD.UNC.EDU Credentials |
| CIFS Version | SMB v2.002 |
| Severity | Title | Port/Service |
| 1 | Windows Authentication Method for User-Provided Credentials | |
| User Name | DOM qualys.scn |
| Domain | AD |
| Authentication Scheme | Kerberos |
| Security | User-based |
| SMBv1 Signing | Disabled |
| Authentication Record | AD.UNC.EDU Credentials |
| Severity | Title | Port/Service |
| 1 | Open UDP Services List | |
Note that if the host is behind a firewall, there is a small chance that the list includes a few ports that are filtered or blocked by the firewall but are not actually open on the target host. This (false positive on UDP open ports) may happen when the firewall is configured to reject UDP packets for most (but not all) ports with an ICMP Port Unreachable packet. This may also happen when the firewall is configured to allow UDP packets for most (but not all) ports through and filter/block/drop UDP packets for only a few ports. Both cases are uncommon.
| Port | IANA Assigned Ports/Services | Description | Service Detected |
| 111 | sunrpc | SUN Remote Procedure Call | rpc udp |
| 123 | ntp | Network Time Protocol | unknown |
| 137 | netbios-ns | NETBIOS Name Service | netbios ns |
| 138 | netbios-dgm | NETBIOS Datagram Service | unknown |
| 500 | isakmp | isakmp | unknown |
| 1039 | unknown | unknown | unknown |
| 1047 | neod1 | Sun's NEO Object Request Broker | unknown |
| 1048 | neod2 | Sun's NEO Object Request Broker | unknown |
| 2049 | nfs | Network File System - Sun Microsystems | nfs |
| Severity | Title | Port/Service |
| 1 | Open TCP Services List | |
The Results section displays the port number (Port), the default service listening on the port (IANA Assigned Ports/Services), the description of the service (Description) and the service that the scanner detected using service discovery (Service Detected).
| Port | IANA Assigned Ports/Services | Description | Service Detected | OS On Redirected Port |
| 111 | sunrpc | SUN Remote Procedure Call | rpc | |
| 135 | msrpc-epmap | epmap DCE endpoint resolution | DCERPC Endpoint Mapper | |
| 139 | netbios-ssn | NETBIOS Session Service | netbios ssn | |
| 445 | microsoft-ds | Microsoft-DS | microsoft-ds | |
| 1039 | unknown | unknown | rpc | |
| 1047 | neod1 | Sun's NEO Object Request Broker | rpc | |
| 1048 | neod2 | Sun's NEO Object Request Broker | rpc | |
| 1311 | rxmon | RxMon | http over ssl | |
| 2049 | nfs | Network File System - Sun Microsystems | rpc | |
| 3389 | ms-wbt-server | MS WBT Server | win remote desktop | |
| 47001 | unknown | unknown | http | |
| 49152 | unknown | unknown | unknown | |
| 49153 | unknown | unknown | unknown | |
| 49154 | unknown | unknown | unknown | |
| 49155 | unknown | unknown | unknown | |
| 49164 | unknown | unknown | unknown | |
| 55177 | unknown | unknown | unknown | |
| 55196 | unknown | unknown | unknown |
| Severity | Title | Port/Service |
| 1 | ICMP Replies Received | |
We have sent the following types of packets to trigger the host to send us ICMP replies:
Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)
Listed in the "Result" section are the ICMP replies that we have received.
| ICMP Reply Type | Triggered By | Additional Information |
| Echo (type=0 code=0) | Echo Request | Echo Reply |
| Unreachable (type=3 code=3) | UDP Port 80 | Port Unreachable |
| Unreachable (type=3 code=3) | UDP Port 1046 | Port Unreachable |
| Unreachable (type=3 code=3) | UDP Port 5569 | Port Unreachable |
| Time Stamp (type=14 code=0) | Time Stamp Request | 15:03:19 GMT |
| Unreachable (type=3 code=3) | UDP Port 512 | Port Unreachable |
| Unreachable (type=3 code=3) | UDP Port 9 | Port Unreachable |
| Unreachable (type=3 code=3) | UDP Port 1049 | Port Unreachable |
| Unreachable (type=3 code=3) | UDP Port 21451 | Port Unreachable |
| Unreachable (type=3 code=2) | IP with High Protocol | Protocol Unreachable |
| Unreachable (type=3 code=3) | UDP Port 4000 | Port Unreachable |
| Unreachable (type=3 code=3) | UDP Port 1028 | Port Unreachable |
| Unreachable (type=3 code=3) | UDP Port 1037 | Port Unreachable |
| Severity | Title | Port/Service |
| 1 | NetBIOS Host Name | |
| Severity | Title | Port/Service |
| 1 | Degree of Randomness of TCP Initial Sequence Numbers | |
| Severity | Title | Port/Service |
| 1 | IP ID Values Randomness | |
Please note that for reliability reasons only the network traffic from open TCP ports is analyzed.
| Severity | Title | Port/Service |
| 1 | NetBIOS Workgroup Name Detected | |
| Severity | Title | Port/Service |
| 1 | Windows Registry Key Access Denied | |
| HKLM\Software\Microsoft\Windows NT\CurrentVersion\ |
| HKLM\Software\Microsoft\Windows NT\ |
| HKLM\Software\Microsoft\ |
| HKLM\Software\ |
| HKLM\Software\Microsoft\Windows\CurrentVersion\ |
| HKLM\Software\Microsoft\Windows\ |
| HKLM\SYSTEM\CurrentControlSet\Services\Qualys non existing key\ |
| HKLM\SYSTEM\CurrentControlSet\Services\ |
| HKLM\SYSTEM\CurrentControlSet\ |
| HKLM\SYSTEM\ |
| Severity | Title | Port/Service |
| 1 | Microsoft Windows Network Level Authentication Disabled | |
The registry key for the Network Level Authentication (NLA) is disabled.
Network Level Authentication is supported on Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.
As a precaution, always test in a QA or rehearsal environment before rolling out to production.
Note: Client computers that do not support Credential Security Support Provider (CredSSP) protocol will not be able to access servers protected with Network Level Authentication. Windows XP does not support the CredSSP protocol by default.
| Severity | Title | Port/Service |
| 1 | Default Web Page | port 47001/tcp |
| Severity | Title | Port/Service |
| 1 | Web Server Version | port 47001/tcp |
| Server Version | Server Banner |
| _ | Microsoft-HTTPAPI/2.0 |
| Severity | Title | Port/Service |
| 1 | Default Web Page | port 1311/tcp over SSL |
| Severity | Title | Port/Service |
| 1 | SSL Server Information Retrieval | port 1311/tcp over SSL |
The following is a list of supported SSL ciphers.
Note: If a cipher is included in this list, it means that it was possible to establish an SSL connection using that cipher. Some web server setups allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-LOW grade cipher. In this case, even though the LOW grade cipher will be listed here, QID 38140 will not be reported.
| Severity | Title | Port/Service |
| 1 | SSL Session Caching Information | port 1311/tcp over SSL |
This test determines if SSL session caching is enabled on the host.
| Severity | Title | Port/Service |
| 1 | SSL/TLS invalid protocol version tolerance | port 1311/tcp over SSL |
| my version | target version |
| 0304 | 0301 |
| 0399 | 0301 |
| 0400 | rejected |
| 0499 | rejected |
| Severity | Title | Port/Service |
| 1 | SSL Certificate will expire within next six months | port 1311/tcp over SSL |
| Severity | Title | Port/Service |
| 1 | TLS Secure Renegotiation Extension Supported | port 1311/tcp over SSL |
| Severity | Title | Port/Service |
| 1 | SSL Certificate - Information | port 1311/tcp over SSL |
| NAME | VALUE |
| (0)CERTIFICATE 0 | |
| (0)Version | 3 (0x2) |
| (0)Serial Number | 1307108968 (0x4de8e668) |
| (0)Signature Algorithm | sha1WithRSAEncryption |
| (0)ISSUER NAME | |
| countryName | US |
| stateOrProvinceName | TX |
| localityName | Round Rock |
| organizationalUnitName | SA Enterprise Software Development |
| organizationName | Dell Inc |
| commonName | CAS-PY-DFS1B |
| (0)SUBJECT NAME | |
| countryName | US |
| stateOrProvinceName | TX |
| localityName | Round Rock |
| organizationalUnitName | SA Enterprise Software Development |
| organizationName | Dell Inc |
| commonName | CAS-PY-DFS1B |
| (0)Valid From | Jun 3 13:49:28 2011 GMT |
| (0)Valid Till | Jun 2 13:49:28 2013 GMT |
| (0)Public Key Algorithm | rsaEncryption |
| (0)RSA Public Key | (1024 bit) |
| (0) | Public-Key: (1024 bit) |
| (0) | Exponent: 65537 (0x10001) |
| (0)Signature | (128 octets) |